| Current Path : /proc/thread-self/fd/ |
| Current File : //proc/thread-self/fd/11 |
[Mon Aug 08 12:47:10.212075 2022] [proxy_http:error] [pid 1482106] (70007)The timeout specified has expired: [client 77.83.112.61:7903] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.212156 2022] [proxy:error] [pid 1482106] [client 77.83.112.61:7903] AH00898: Error reading from remote server returned by /rest/attribute-sets/default, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.255750 2022] [proxy_http:error] [pid 1482108] (70007)The timeout specified has expired: [client 77.83.112.61:7904] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.255789 2022] [proxy:error] [pid 1482108] [client 77.83.112.61:7904] AH00898: Error reading from remote server returned by /rest/categories/default, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.280270 2022] [proxy_http:error] [pid 1482090] (70007)The timeout specified has expired: [client 77.83.112.61:7907] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.280304 2022] [proxy:error] [pid 1482090] [client 77.83.112.61:7907] AH00898: Error reading from remote server returned by /rest/categories/main_website_store, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.280463 2022] [proxy_http:error] [pid 1482107] (70007)The timeout specified has expired: [client 77.83.112.61:7905] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:10.280478 2022] [proxy:error] [pid 1482107] [client 77.83.112.61:7905] AH00898: Error reading from remote server returned by /rest/attribute-sets/main_website_store, referer: http://pms.test.indaco.store/home
[Mon Aug 08 12:47:15.318670 2022] [proxy_http:error] [pid 1482105] (70007)The timeout specified has expired: [client 77.83.112.61:7902] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 12:47:15.318708 2022] [proxy:error] [pid 1482105] [client 77.83.112.61:7902] AH00898: Error reading from remote server returned by /rest/tax/all, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 12:47:42.636264 2022] [proxy_http:error] [pid 1482092] (70007)The timeout specified has expired: [client 77.83.112.61:8055] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 12:47:42.636309 2022] [proxy:error] [pid 1482092] [client 77.83.112.61:8055] AH00898: Error reading from remote server returned by /rest/categories/default, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 14:02:33.275524 2022] [proxy_http:error] [pid 1482093] (70007)The timeout specified has expired: [client 77.83.112.61:34990] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.275577 2022] [proxy:error] [pid 1482093] [client 77.83.112.61:34990] AH00898: Error reading from remote server returned by /rest/attribute-sets/default, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.292233 2022] [proxy_http:error] [pid 1482108] (70007)The timeout specified has expired: [client 77.83.112.61:34996] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.292266 2022] [proxy:error] [pid 1482108] [client 77.83.112.61:34996] AH00898: Error reading from remote server returned by /rest/attribute-sets/main_website_store, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.292266 2022] [proxy_http:error] [pid 1482103] (70007)The timeout specified has expired: [client 77.83.112.61:34988] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.292291 2022] [proxy:error] [pid 1482103] [client 77.83.112.61:34988] AH00898: Error reading from remote server returned by /rest/categories/default, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.312232 2022] [proxy_http:error] [pid 1482113] (70007)The timeout specified has expired: [client 77.83.112.61:34989] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:33.312263 2022] [proxy:error] [pid 1482113] [client 77.83.112.61:34989] AH00898: Error reading from remote server returned by /rest/categories/main_website_store, referer: http://pms.test.indaco.store/home
[Mon Aug 08 14:02:37.891258 2022] [proxy_http:error] [pid 1482106] (70007)The timeout specified has expired: [client 77.83.112.61:34997] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 14:02:37.893419 2022] [proxy:error] [pid 1482106] [client 77.83.112.61:34997] AH00898: Error reading from remote server returned by /rest/tax/all, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 14:03:02.210030 2022] [proxy_http:error] [pid 1482107] (70007)The timeout specified has expired: [client 77.83.112.61:35159] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/createProduct
[Mon Aug 08 14:03:02.210091 2022] [proxy:error] [pid 1482107] [client 77.83.112.61:35159] AH00898: Error reading from remote server returned by /rest/categories/default, referer: http://pms.test.indaco.store/createProduct
[Mon Sep 12 16:49:41.336243 2022] [proxy_http:error] [pid 1899774] (70007)The timeout specified has expired: [client 82.48.59.235:29928] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:49:41.340076 2022] [proxy:error] [pid 1899774] [client 82.48.59.235:29928] AH00898: Error reading from remote server returned by /rest/media/631f4571cd6751100ca23b71, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:49:50.781253 2022] [proxy_http:error] [pid 1906037] (70007)The timeout specified has expired: [client 82.48.59.235:29929] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:49:50.781292 2022] [proxy:error] [pid 1906037] [client 82.48.59.235:29929] AH00898: Error reading from remote server returned by /rest/media/631f4571cd6751100ca23b71, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:51:07.736473 2022] [proxy_http:error] [pid 1901451] (70007)The timeout specified has expired: [client 82.48.59.235:29935] AH02608: read request body failed to 127.0.0.1:3000 (127.0.0.1) from 82.48.59.235 (), referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:51:07.736514 2022] [proxy_http:error] [pid 1901451] [client 82.48.59.235:29935] AH01097: pass request body failed to 127.0.0.1:3000 (127.0.0.1) from 82.48.59.235 (), referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:52:47.090063 2022] [proxy_http:error] [pid 1906035] (70007)The timeout specified has expired: [client 82.48.59.235:29944] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:52:47.090105 2022] [proxy:error] [pid 1906035] [client 82.48.59.235:29944] AH00898: Error reading from remote server returned by /rest/media/631f4571cd6751100ca23b71, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:53:01.798890 2022] [proxy_http:error] [pid 1901444] (70007)The timeout specified has expired: [client 82.48.59.235:29986] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:53:01.798953 2022] [proxy:error] [pid 1901444] [client 82.48.59.235:29986] AH00898: Error reading from remote server returned by /rest/media/631f4571cd6751100ca23b71, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:55:40.098670 2022] [proxy_http:error] [pid 1906037] (70007)The timeout specified has expired: [client 82.48.59.235:29753] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Mon Sep 12 16:55:40.098709 2022] [proxy:error] [pid 1906037] [client 82.48.59.235:29753] AH00898: Error reading from remote server returned by /rest/media/631f4571cd6751100ca23b71, referer: http://pms.test.indaco.store/editProduct;productId=631f4571cd6751100ca23b71
[Tue Sep 13 13:07:24.619166 2022] [proxy_http:error] [pid 1927136] (70007)The timeout specified has expired: [client 37.186.136.246:51750] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632061bdcd6751100ca23f34
[Tue Sep 13 13:07:24.658616 2022] [proxy:error] [pid 1927136] [client 37.186.136.246:51750] AH00898: Error reading from remote server returned by /rest/media/632061bdcd6751100ca23f34, referer: http://pms.test.indaco.store/editProduct;productId=632061bdcd6751100ca23f34
[Tue Sep 13 13:24:28.318130 2022] [proxy_http:error] [pid 1930178] (70007)The timeout specified has expired: [client 37.186.136.246:51952] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 13:24:28.318179 2022] [proxy:error] [pid 1930178] [client 37.186.136.246:51952] AH00898: Error reading from remote server returned by /rest/media/632044b6c164f358bbecff38, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 13:24:42.248481 2022] [proxy_http:error] [pid 1928683] (70007)The timeout specified has expired: [client 37.186.136.246:51955] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 13:24:42.248529 2022] [proxy:error] [pid 1928683] [client 37.186.136.246:51955] AH00898: Error reading from remote server returned by /rest/media/632044b6c164f358bbecff38, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 13:28:09.282530 2022] [proxy_http:error] [pid 1927812] (70007)The timeout specified has expired: [client 217.71.68.23:28195] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 13:28:09.282570 2022] [proxy:error] [pid 1927812] [client 217.71.68.23:28195] AH00898: Error reading from remote server returned by /rest/media/632044b6c164f358bbecff38, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 14:30:24.088934 2022] [proxy_http:error] [pid 1932016] (70007)The timeout specified has expired: [client 213.21.147.71:54978] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Tue Sep 13 14:30:24.088984 2022] [proxy:error] [pid 1932016] [client 213.21.147.71:54978] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Tue Sep 13 14:32:27.653256 2022] [proxy_http:error] [pid 1927136] (70007)The timeout specified has expired: [client 213.21.147.71:55091] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Tue Sep 13 14:32:27.653302 2022] [proxy:error] [pid 1927136] [client 213.21.147.71:55091] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Tue Sep 13 15:53:18.477949 2022] [proxy_http:error] [pid 1933807] (70007)The timeout specified has expired: [client 37.186.136.246:61048] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 15:53:18.477997 2022] [proxy:error] [pid 1933807] [client 37.186.136.246:61048] AH00898: Error reading from remote server returned by /rest/media/632044b6c164f358bbecff38, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 15:54:42.840169 2022] [proxy_http:error] [pid 1933587] (70007)The timeout specified has expired: [client 37.186.136.246:61056] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 15:54:42.840227 2022] [proxy:error] [pid 1933587] [client 37.186.136.246:61056] AH00898: Error reading from remote server returned by /rest/media/632044b6c164f358bbecff38, referer: http://pms.test.indaco.store/editProduct;productId=632044b6c164f358bbecff38
[Tue Sep 13 16:08:33.211849 2022] [proxy_http:error] [pid 1934887] (70007)The timeout specified has expired: [client 37.186.136.246:61269] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632046afcd6751100ca23e9c
[Tue Sep 13 16:08:33.211909 2022] [proxy:error] [pid 1934887] [client 37.186.136.246:61269] AH00898: Error reading from remote server returned by /rest/media/632046afcd6751100ca23e9c, referer: http://pms.test.indaco.store/editProduct;productId=632046afcd6751100ca23e9c
[Tue Sep 13 16:58:36.910769 2022] [proxy_http:error] [pid 1935220] (20014)Internal error (specific information not available): [client 37.186.136.246:62249] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632061bdcd6751100ca23f34
[Tue Sep 13 16:58:36.910804 2022] [proxy:error] [pid 1935220] [client 37.186.136.246:62249] AH00898: Error reading from remote server returned by /rest/media/632061bdcd6751100ca23f34, referer: http://pms.test.indaco.store/editProduct;productId=632061bdcd6751100ca23f34
[Tue Sep 13 17:34:51.046134 2022] [proxy_http:error] [pid 1936832] (70007)The timeout specified has expired: [client 37.186.136.246:63138] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63209d7d0374f0a617308087
[Tue Sep 13 17:34:51.046180 2022] [proxy:error] [pid 1936832] [client 37.186.136.246:63138] AH00898: Error reading from remote server returned by /rest/media/63209d7d0374f0a617308087, referer: http://pms.test.indaco.store/editProduct;productId=63209d7d0374f0a617308087
[Tue Sep 13 17:36:05.526461 2022] [proxy_http:error] [pid 1937259] (70007)The timeout specified has expired: [client 37.186.136.246:63170] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63209d7f0374f0a617308097
[Tue Sep 13 17:36:05.526537 2022] [proxy:error] [pid 1937259] [client 37.186.136.246:63170] AH00898: Error reading from remote server returned by /rest/media/63209d7f0374f0a617308097, referer: http://pms.test.indaco.store/editProduct;productId=63209d7f0374f0a617308097
[Fri Sep 16 14:55:38.123575 2022] [proxy_http:error] [pid 2028352] (20014)Internal error (specific information not available): [client 213.21.147.71:58834] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:55:38.128393 2022] [proxy:error] [pid 2028352] [client 213.21.147.71:58834] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.160811 2022] [proxy_http:error] [pid 2028596] (20014)Internal error (specific information not available): [client 213.21.147.71:59103] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.160868 2022] [proxy:error] [pid 2028596] [client 213.21.147.71:59103] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.303200 2022] [proxy_http:error] [pid 2028352] (20014)Internal error (specific information not available): [client 213.21.147.71:59084] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.303232 2022] [proxy:error] [pid 2028352] [client 213.21.147.71:59084] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.303570 2022] [proxy_http:error] [pid 2028807] (20014)Internal error (specific information not available): [client 213.21.147.71:59173] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 14:58:13.303591 2022] [proxy:error] [pid 2028807] [client 213.21.147.71:59173] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:01:48.933119 2022] [proxy_http:error] [pid 2028807] (20014)Internal error (specific information not available): [client 213.21.147.71:59249] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:01:48.933155 2022] [proxy:error] [pid 2028807] [client 213.21.147.71:59249] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:06:56.859668 2022] [proxy_http:error] [pid 2028352] (70007)The timeout specified has expired: [client 213.21.147.71:59286] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:06:56.859743 2022] [proxy:error] [pid 2028352] [client 213.21.147.71:59286] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:21:23.113288 2022] [proxy_http:error] [pid 2028620] (70007)The timeout specified has expired: [client 213.21.147.71:59956] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:21:23.113340 2022] [proxy:error] [pid 2028620] [client 213.21.147.71:59956] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:26:35.363517 2022] [proxy_http:error] [pid 2031783] (70007)The timeout specified has expired: [client 213.21.147.71:60564] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:26:35.363612 2022] [proxy:error] [pid 2031783] [client 213.21.147.71:60564] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:27:35.842588 2022] [proxy_http:error] [pid 2028620] (70007)The timeout specified has expired: [client 213.21.147.71:60583] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:27:35.842627 2022] [proxy:error] [pid 2028620] [client 213.21.147.71:60583] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:28:45.542513 2022] [proxy_http:error] [pid 2032125] (70007)The timeout specified has expired: [client 213.21.147.71:60599] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:28:45.542569 2022] [proxy:error] [pid 2032125] [client 213.21.147.71:60599] AH00898: Error reading from remote server returned by /rest/media/63203854cd6751100ca23ce9, referer: http://pms.test.indaco.store/editProduct;productId=63203854cd6751100ca23ce9
[Fri Sep 16 15:30:00.020124 2022] [proxy_http:error] [pid 2030750] (70007)The timeout specified has expired: [client 213.21.147.71:60645] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:30:00.020194 2022] [proxy:error] [pid 2030750] [client 213.21.147.71:60645] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:37:38.743677 2022] [proxy_http:error] [pid 2028601] (70007)The timeout specified has expired: [client 213.21.147.71:62194] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:37:38.743724 2022] [proxy:error] [pid 2028601] [client 213.21.147.71:62194] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:39:52.362646 2022] [proxy_http:error] [pid 2031783] (70007)The timeout specified has expired: [client 213.21.147.71:62225] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:39:52.362690 2022] [proxy:error] [pid 2031783] [client 213.21.147.71:62225] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:40:57.046506 2022] [proxy_http:error] [pid 2028620] (20014)Internal error (specific information not available): [client 213.21.147.71:62545] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:40:57.046536 2022] [proxy:error] [pid 2028620] [client 213.21.147.71:62545] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:46:40.328897 2022] [proxy_http:error] [pid 2028532] (70007)The timeout specified has expired: [client 213.21.147.71:62922] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 15:46:40.328944 2022] [proxy:error] [pid 2028532] [client 213.21.147.71:62922] AH00898: Error reading from remote server returned by /rest/media/62f1222a2477d328814c68ee, referer: http://pms.test.indaco.store/editProduct;productId=62f1222a2477d328814c68ee
[Fri Sep 16 16:45:59.026959 2022] [proxy_http:error] [pid 2034213] (70007)The timeout specified has expired: [client 213.21.147.71:52917] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Fri Sep 16 16:45:59.027014 2022] [proxy:error] [pid 2034213] [client 213.21.147.71:52917] AH00898: Error reading from remote server returned by /rest/media/undefined, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Fri Sep 16 16:46:44.519656 2022] [proxy_http:error] [pid 2032980] (70007)The timeout specified has expired: [client 213.21.147.71:52952] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Fri Sep 16 16:46:44.519734 2022] [proxy:error] [pid 2032980] [client 213.21.147.71:52952] AH00898: Error reading from remote server returned by /rest/media/undefined, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Fri Sep 16 17:09:02.204224 2022] [proxy_http:error] [pid 2034213] (70007)The timeout specified has expired: [client 80.116.65.51:29955] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:09:02.204262 2022] [proxy:error] [pid 2034213] [client 80.116.65.51:29955] AH00898: Error reading from remote server returned by /rest/media/6322f4392b28d1270d9d338a, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:10:20.144285 2022] [proxy_http:error] [pid 2035071] (70007)The timeout specified has expired: [client 80.116.65.51:29962] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:10:20.144373 2022] [proxy:error] [pid 2035071] [client 80.116.65.51:29962] AH00898: Error reading from remote server returned by /rest/media/6322f4392b28d1270d9d338a, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:12:53.875112 2022] [proxy_http:error] [pid 2034887] (70007)The timeout specified has expired: [client 80.116.65.51:29988] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:12:53.875165 2022] [proxy:error] [pid 2034887] [client 80.116.65.51:29988] AH00898: Error reading from remote server returned by /rest/media/6322f4392b28d1270d9d338a, referer: http://pms.test.indaco.store/editProduct;productId=6322f4392b28d1270d9d338a
[Fri Sep 16 17:15:42.890113 2022] [proxy_http:error] [pid 2034213] (70007)The timeout specified has expired: [client 80.116.65.51:29754] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6324400367125c8ba87e9d8b
[Fri Sep 16 17:15:42.890155 2022] [proxy:error] [pid 2034213] [client 80.116.65.51:29754] AH00898: Error reading from remote server returned by /rest/media/6324400367125c8ba87e9d8b, referer: http://pms.test.indaco.store/editProduct;productId=6324400367125c8ba87e9d8b
[Fri Sep 16 17:21:07.740344 2022] [proxy_http:error] [pid 2032980] (70007)The timeout specified has expired: [client 80.116.65.51:29997] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349121fbeef5e72aae4cf
[Fri Sep 16 17:21:07.740390 2022] [proxy:error] [pid 2032980] [client 80.116.65.51:29997] AH00898: Error reading from remote server returned by /rest/media/632349121fbeef5e72aae4cf, referer: http://pms.test.indaco.store/editProduct;productId=632349121fbeef5e72aae4cf
[Mon Sep 19 11:12:19.182796 2022] [proxy_http:error] [pid 2109564] (70007)The timeout specified has expired: [client 80.116.65.51:29969] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322ec6b2b28d1270d9d32d2
[Mon Sep 19 11:12:19.186831 2022] [proxy:error] [pid 2109564] [client 80.116.65.51:29969] AH00898: Error reading from remote server returned by /rest/media/6322ec6b2b28d1270d9d32d2, referer: http://pms.test.indaco.store/editProduct;productId=6322ec6b2b28d1270d9d32d2
[Mon Sep 19 11:14:38.229094 2022] [proxy_http:error] [pid 2109581] (70007)The timeout specified has expired: [client 80.116.65.51:29782] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349141fbeef5e72aae4df
[Mon Sep 19 11:14:38.229137 2022] [proxy:error] [pid 2109581] [client 80.116.65.51:29782] AH00898: Error reading from remote server returned by /rest/media/632349141fbeef5e72aae4df, referer: http://pms.test.indaco.store/editProduct;productId=632349141fbeef5e72aae4df
[Mon Sep 19 11:16:46.899938 2022] [proxy_http:error] [pid 2097519] (70007)The timeout specified has expired: [client 80.116.65.51:29807] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d7
[Mon Sep 19 11:16:46.899978 2022] [proxy:error] [pid 2097519] [client 80.116.65.51:29807] AH00898: Error reading from remote server returned by /rest/media/632349131fbeef5e72aae4d7, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d7
[Mon Sep 19 11:17:59.608274 2022] [proxy_http:error] [pid 2110925] (70007)The timeout specified has expired: [client 80.116.65.51:29822] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349141fbeef5e72aae4db
[Mon Sep 19 11:17:59.608323 2022] [proxy:error] [pid 2110925] [client 80.116.65.51:29822] AH00898: Error reading from remote server returned by /rest/media/632349141fbeef5e72aae4db, referer: http://pms.test.indaco.store/editProduct;productId=632349141fbeef5e72aae4db
[Mon Sep 19 11:18:59.172265 2022] [proxy_http:error] [pid 2110472] (70007)The timeout specified has expired: [client 80.116.65.51:29835] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349151fbeef5e72aae4e3
[Mon Sep 19 11:18:59.172312 2022] [proxy:error] [pid 2110472] [client 80.116.65.51:29835] AH00898: Error reading from remote server returned by /rest/media/632349151fbeef5e72aae4e3, referer: http://pms.test.indaco.store/editProduct;productId=632349151fbeef5e72aae4e3
[Mon Sep 19 11:19:48.513398 2022] [proxy_http:error] [pid 2110924] (70007)The timeout specified has expired: [client 80.116.65.51:29852] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:19:48.513481 2022] [proxy:error] [pid 2110924] [client 80.116.65.51:29852] AH00898: Error reading from remote server returned by /rest/media/632349111fbeef5e72aae4c7, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:19:56.135479 2022] [proxy_http:error] [pid 2110947] (70007)The timeout specified has expired: [client 80.116.65.51:29854] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:19:56.135537 2022] [proxy:error] [pid 2110947] [client 80.116.65.51:29854] AH00898: Error reading from remote server returned by /rest/media/632349111fbeef5e72aae4c7, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:22:40.662706 2022] [proxy_http:error] [pid 2110966] (70007)The timeout specified has expired: [client 80.116.65.51:29895] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:22:40.662754 2022] [proxy:error] [pid 2110966] [client 80.116.65.51:29895] AH00898: Error reading from remote server returned by /rest/media/632349111fbeef5e72aae4c7, referer: http://pms.test.indaco.store/editProduct;productId=632349111fbeef5e72aae4c7
[Mon Sep 19 11:23:11.420269 2022] [proxy_http:error] [pid 2108969] (70007)The timeout specified has expired: [client 80.116.65.51:29912] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6324400367125c8ba87e9d8b
[Mon Sep 19 11:23:11.420331 2022] [proxy:error] [pid 2108969] [client 80.116.65.51:29912] AH00898: Error reading from remote server returned by /rest/media/6324400367125c8ba87e9d8b, referer: http://pms.test.indaco.store/editProduct;productId=6324400367125c8ba87e9d8b
[Mon Sep 19 11:24:40.096657 2022] [proxy_http:error] [pid 2111045] (70007)The timeout specified has expired: [client 80.116.65.51:29930] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Mon Sep 19 11:24:40.096736 2022] [proxy:error] [pid 2111045] [client 80.116.65.51:29930] AH00898: Error reading from remote server returned by /rest/media/6322f17f589c775ee02251c7, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Mon Sep 19 11:28:54.628232 2022] [proxy_http:error] [pid 2110472] (70007)The timeout specified has expired: [client 80.116.65.51:29965] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f0dc589c775ee02251bb
[Mon Sep 19 11:28:54.628300 2022] [proxy:error] [pid 2110472] [client 80.116.65.51:29965] AH00898: Error reading from remote server returned by /rest/media/6322f0dc589c775ee02251bb, referer: http://pms.test.indaco.store/editProduct;productId=6322f0dc589c775ee02251bb
[Mon Sep 19 12:14:16.914141 2022] [proxy_http:error] [pid 2111689] (70007)The timeout specified has expired: [client 151.46.75.122:27599] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:14:16.914210 2022] [proxy:error] [pid 2111689] [client 151.46.75.122:27599] AH00898: Error reading from remote server returned by /rest/media/63248ae4b34dc190ff435f15, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:21:22.551151 2022] [proxy_http:error] [pid 2111514] (70007)The timeout specified has expired: [client 151.46.75.122:27667] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:21:22.551195 2022] [proxy:error] [pid 2111514] [client 151.46.75.122:27667] AH00898: Error reading from remote server returned by /rest/media/63248ae4b34dc190ff435f15, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:28:57.096249 2022] [proxy_http:error] [pid 2111593] (70007)The timeout specified has expired: [client 151.46.75.122:27743] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:28:57.096302 2022] [proxy:error] [pid 2111593] [client 151.46.75.122:27743] AH00898: Error reading from remote server returned by /rest/media/63248ae4b34dc190ff435f15, referer: http://pms.test.indaco.store/editProduct;productId=63248ae4b34dc190ff435f15
[Mon Sep 19 12:36:51.895207 2022] [proxy_http:error] [pid 2111688] (70007)The timeout specified has expired: [client 151.46.75.122:27043] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632844fa0f23133a68642c92
[Mon Sep 19 12:36:51.895262 2022] [proxy:error] [pid 2111688] [client 151.46.75.122:27043] AH00898: Error reading from remote server returned by /rest/media/632844fa0f23133a68642c92, referer: http://pms.test.indaco.store/editProduct;productId=632844fa0f23133a68642c92
[Mon Sep 19 14:23:49.572240 2022] [proxy_http:error] [pid 2115233] (70007)The timeout specified has expired: [client 80.116.65.51:29772] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f0dc589c775ee02251bb
[Mon Sep 19 14:23:49.572305 2022] [proxy:error] [pid 2115233] [client 80.116.65.51:29772] AH00898: Error reading from remote server returned by /rest/media/6322f0dc589c775ee02251bb, referer: http://pms.test.indaco.store/editProduct;productId=6322f0dc589c775ee02251bb
[Mon Sep 19 22:08:09.339020 2022] [proxy_http:error] [pid 2118716] (70007)The timeout specified has expired: [client 37.160.168.94:43517] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6328cad2b43bab58161ce710
[Mon Sep 19 22:08:09.339088 2022] [proxy:error] [pid 2118716] [client 37.160.168.94:43517] AH00898: Error reading from remote server returned by /rest/media/6328cad2b43bab58161ce710, referer: http://pms.test.indaco.store/editProduct;productId=6328cad2b43bab58161ce710
[Wed Sep 21 09:51:22.067003 2022] [proxy_http:error] [pid 2186922] (70007)The timeout specified has expired: [client 87.4.19.150:29121] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d3
[Wed Sep 21 09:51:22.072803 2022] [proxy:error] [pid 2186922] [client 87.4.19.150:29121] AH00898: Error reading from remote server returned by /rest/media/632349131fbeef5e72aae4d3, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d3
[Wed Sep 21 09:54:23.072272 2022] [proxy_http:error] [pid 2186996] (70007)The timeout specified has expired: [client 87.4.19.150:29140] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d3
[Wed Sep 21 09:54:23.072333 2022] [proxy:error] [pid 2186996] [client 87.4.19.150:29140] AH00898: Error reading from remote server returned by /rest/media/632349131fbeef5e72aae4d3, referer: http://pms.test.indaco.store/editProduct;productId=632349131fbeef5e72aae4d3
[Wed Sep 21 10:18:18.166484 2022] [proxy_http:error] [pid 2187165] (70007)The timeout specified has expired: [client 87.4.19.150:29072] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Wed Sep 21 10:18:18.166543 2022] [proxy:error] [pid 2187165] [client 87.4.19.150:29072] AH00898: Error reading from remote server returned by /rest/media/6322f17f589c775ee02251c7, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Wed Sep 21 10:18:30.831825 2022] [proxy_http:error] [pid 2187555] (70007)The timeout specified has expired: [client 87.4.19.150:29074] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Wed Sep 21 10:18:30.831882 2022] [proxy:error] [pid 2187555] [client 87.4.19.150:29074] AH00898: Error reading from remote server returned by /rest/media/6322f17f589c775ee02251c7, referer: http://pms.test.indaco.store/editProduct;productId=6322f17f589c775ee02251c7
[Tue Sep 27 14:02:36.119612 2022] [proxy_http:error] [pid 2323229] (20014)Internal error (specific information not available): [client 95.254.147.79:64091] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/
[Tue Sep 27 14:02:36.349343 2022] [proxy:error] [pid 2322999] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:36.349421 2022] [proxy_http:error] [pid 2322999] [client 95.254.147.79:64095] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:36.434571 2022] [proxy:error] [pid 2322441] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:36.434643 2022] [proxy_http:error] [pid 2322441] [client 95.254.147.79:64092] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:36.443589 2022] [proxy:error] [pid 2323056] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:36.443645 2022] [proxy:error] [pid 2323028] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:36.443687 2022] [proxy_http:error] [pid 2323028] [client 95.254.147.79:64093] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:36.443682 2022] [proxy_http:error] [pid 2323056] [client 95.254.147.79:64094] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:36.479975 2022] [proxy:error] [pid 2322903] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:36.480049 2022] [proxy_http:error] [pid 2322903] [client 95.254.147.79:64096] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:41.378838 2022] [proxy:error] [pid 2322860] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:41.378895 2022] [proxy_http:error] [pid 2322860] [client 95.254.147.79:64099] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:41.380964 2022] [proxy:error] [pid 2322855] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:41.381008 2022] [proxy_http:error] [pid 2322855] [client 95.254.147.79:64098] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Tue Sep 27 14:02:46.127415 2022] [proxy:error] [pid 2323027] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:46.127473 2022] [proxy_http:error] [pid 2323027] [client 95.254.147.79:64100] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/
[Tue Sep 27 14:02:46.130925 2022] [proxy:error] [pid 2322894] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:02:46.131029 2022] [proxy_http:error] [pid 2322894] [client 95.254.147.79:64101] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/
[Tue Sep 27 14:03:14.721855 2022] [proxy:error] [pid 2322898] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:03:14.721916 2022] [proxy_http:error] [pid 2322898] [client 95.254.147.79:64129] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/login
[Tue Sep 27 14:03:29.006625 2022] [proxy:error] [pid 2322897] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:03:29.008265 2022] [proxy_http:error] [pid 2322897] [client 95.254.147.79:64140] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/login
[Tue Sep 27 14:03:31.383607 2022] [proxy:error] [pid 2323000] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Tue Sep 27 14:03:31.383666 2022] [proxy_http:error] [pid 2323000] [client 95.254.147.79:64141] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/login
[Wed Sep 28 11:27:39.896515 2022] [proxy:error] [pid 2342609] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Wed Sep 28 11:27:39.905547 2022] [proxy_http:error] [pid 2342609] [client 146.247.68.141:60197] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Wed Sep 28 11:27:42.514444 2022] [proxy:error] [pid 2342737] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Wed Sep 28 11:27:42.522181 2022] [proxy_http:error] [pid 2342737] [client 146.247.68.141:60198] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/home
[Thu Sep 29 15:05:00.986148 2022] [proxy_http:error] [pid 2366875] (70007)The timeout specified has expired: [client 87.15.207.205:63587] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editProduct;productId=633596860612df01c3950f50
[Thu Sep 29 15:05:00.993018 2022] [proxy:error] [pid 2366875] [client 87.15.207.205:63587] AH00898: Error reading from remote server returned by /rest/media/633596860612df01c3950f50, referer: http://pms.test.indacotrentino.com/editProduct;productId=633596860612df01c3950f50
[Thu Nov 10 15:03:03.732887 2022] [:error] [pid 2984938] [client 79.50.106.79:55049] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20El@FPJvkQWzSUSfQfjQAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:03.740042 2022] [:error] [pid 2984938] [client 79.50.106.79:55049] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20El@FPJvkQWzSUSfQfjQAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:03.740203 2022] [:error] [pid 2984938] [client 79.50.106.79:55049] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20El@FPJvkQWzSUSfQfjQAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:03.740698 2022] [:error] [pid 2984946] [client 79.50.106.79:55050] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20El9tjyONOjVDyw3iT-AAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:03.742358 2022] [:error] [pid 2984946] [client 79.50.106.79:55050] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20El9tjyONOjVDyw3iT-AAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:03.742542 2022] [:error] [pid 2984946] [client 79.50.106.79:55050] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20El9tjyONOjVDyw3iT-AAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.614654 2022] [:error] [pid 2984946] [client 79.50.106.79:55063] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20ErdtjyONOjVDyw3iUAQAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.616066 2022] [:error] [pid 2984946] [client 79.50.106.79:55063] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20ErdtjyONOjVDyw3iUAQAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.616416 2022] [:error] [pid 2984946] [client 79.50.106.79:55063] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y20ErdtjyONOjVDyw3iUAQAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.656403 2022] [:error] [pid 2984924] [client 79.50.106.79:55064] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20ErbEcyM8IYmLUvs0swQAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.658143 2022] [:error] [pid 2984924] [client 79.50.106.79:55064] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20ErbEcyM8IYmLUvs0swQAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Thu Nov 10 15:03:25.658307 2022] [:error] [pid 2984924] [client 79.50.106.79:55064] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y20ErbEcyM8IYmLUvs0swQAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 15 11:53:15.993645 2022] [:error] [pid 3049614] [client 213.21.147.71:52744] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3Nvm7IdQ80KeDReNx8kAwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:15.993654 2022] [:error] [pid 3043587] [client 213.21.147.71:52745] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3Nvm2kJLBNobtdzXvEc4AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:16.004483 2022] [:error] [pid 3049614] [client 213.21.147.71:52744] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3Nvm7IdQ80KeDReNx8kAwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:16.004535 2022] [:error] [pid 3043587] [client 213.21.147.71:52745] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3Nvm2kJLBNobtdzXvEc4AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:16.004689 2022] [:error] [pid 3043587] [client 213.21.147.71:52745] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3Nvm2kJLBNobtdzXvEc4AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:16.004694 2022] [:error] [pid 3049614] [client 213.21.147.71:52744] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3Nvm7IdQ80KeDReNx8kAwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.387395 2022] [:error] [pid 3046290] [client 213.21.147.71:52750] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3NvqYGJFIH013ReidyH1QAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.388051 2022] [:error] [pid 3043591] [client 213.21.147.71:52749] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3NvqWR9CLu1S7lzS2z4qwAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.388326 2022] [:error] [pid 3046290] [client 213.21.147.71:52750] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3NvqYGJFIH013ReidyH1QAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.388469 2022] [:error] [pid 3046290] [client 213.21.147.71:52750] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/updateInventory/"] [unique_id "Y3NvqYGJFIH013ReidyH1QAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.388869 2022] [:error] [pid 3043591] [client 213.21.147.71:52749] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3NvqWR9CLu1S7lzS2z4qwAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Tue Nov 15 11:53:29.389003 2022] [:error] [pid 3043591] [client 213.21.147.71:52749] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/62ed0ff562940ba0eef75c24/products/634d50c8c76dd805ae568979"] [unique_id "Y3NvqWR9CLu1S7lzS2z4qwAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=634d50c8c76dd805ae568979;partnerId=undefined
[Wed Nov 16 14:25:03.585632 2022] [:error] [pid 3056939] [client 79.50.106.79:52592] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tkr8zMYxkosRyKDIJFygAAAAs"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:03.588372 2022] [:error] [pid 3063132] [client 79.50.106.79:52593] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tkr83Il@SUkKT3nm0tNQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:03.590692 2022] [:error] [pid 3063132] [client 79.50.106.79:52593] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tkr83Il@SUkKT3nm0tNQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:03.590997 2022] [:error] [pid 3063132] [client 79.50.106.79:52593] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tkr83Il@SUkKT3nm0tNQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:03.591860 2022] [:error] [pid 3056939] [client 79.50.106.79:52592] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tkr8zMYxkosRyKDIJFygAAAAs"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:03.592050 2022] [:error] [pid 3056939] [client 79.50.106.79:52592] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tkr8zMYxkosRyKDIJFygAAAAs"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.697130 2022] [:error] [pid 3064782] [client 79.50.106.79:52611] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tky5xMteM6atk@eiFZbQAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.698539 2022] [:error] [pid 3064782] [client 79.50.106.79:52611] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tky5xMteM6atk@eiFZbQAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.698705 2022] [:error] [pid 3064782] [client 79.50.106.79:52611] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tky5xMteM6atk@eiFZbQAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.705136 2022] [:error] [pid 3056938] [client 79.50.106.79:52616] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tky6V7ZkTFXuImD9t2hwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.706549 2022] [:error] [pid 3056938] [client 79.50.106.79:52616] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tky6V7ZkTFXuImD9t2hwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:25:31.706716 2022] [:error] [pid 3056938] [client 79.50.106.79:52616] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tky6V7ZkTFXuImD9t2hwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:27:37.286098 2022] [:error] [pid 3064782] [client 79.50.106.79:52888] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TlSZxMteM6atk@eiFZegAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:27:37.287433 2022] [:error] [pid 3064782] [client 79.50.106.79:52888] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TlSZxMteM6atk@eiFZegAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:27:37.287594 2022] [:error] [pid 3064782] [client 79.50.106.79:52888] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TlSZxMteM6atk@eiFZegAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:27:37.289124 2022] [:error] [pid 3064141] [client 79.50.106.79:52889] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TlScs62Xc3wODMm1eriAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:27:37.290432 2022] [:error] [pid 3064141] [client 79.50.106.79:52889] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TlScs62Xc3wODMm1eriAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:27:37.290582 2022] [:error] [pid 3064141] [client 79.50.106.79:52889] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TlScs62Xc3wODMm1eriAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:39:31.858638 2022] [:error] [pid 3064782] [client 79.50.106.79:53397] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToE5xMteM6atk@eiFZwAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:31.860092 2022] [:error] [pid 3064782] [client 79.50.106.79:53397] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToE5xMteM6atk@eiFZwAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:31.860269 2022] [:error] [pid 3064782] [client 79.50.106.79:53397] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToE5xMteM6atk@eiFZwAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:31.866778 2022] [:error] [pid 3056964] [client 79.50.106.79:53396] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToE5u5Ti1lvApl-9zdEgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:31.868841 2022] [:error] [pid 3056964] [client 79.50.106.79:53396] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToE5u5Ti1lvApl-9zdEgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:31.868986 2022] [:error] [pid 3056964] [client 79.50.106.79:53396] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToE5u5Ti1lvApl-9zdEgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.401527 2022] [:error] [pid 3059383] [client 79.50.106.79:53403] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToICAGtUWF5Ke72EG8wAAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.403456 2022] [:error] [pid 3059383] [client 79.50.106.79:53403] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToICAGtUWF5Ke72EG8wAAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.403669 2022] [:error] [pid 3059383] [client 79.50.106.79:53403] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3ToICAGtUWF5Ke72EG8wAAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.413533 2022] [:error] [pid 3064827] [client 79.50.106.79:53399] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToIFO83@qk7GahsDm-QAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.414904 2022] [:error] [pid 3064827] [client 79.50.106.79:53399] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToIFO83@qk7GahsDm-QAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:39:44.415059 2022] [:error] [pid 3064827] [client 79.50.106.79:53399] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3ToIFO83@qk7GahsDm-QAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.868798 2022] [:error] [pid 3063132] [client 79.50.106.79:53789] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpO83Il@SUkKT3nm0tjQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.870515 2022] [:error] [pid 3063132] [client 79.50.106.79:53789] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpO83Il@SUkKT3nm0tjQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.870681 2022] [:error] [pid 3063132] [client 79.50.106.79:53789] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpO83Il@SUkKT3nm0tjQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.876730 2022] [:error] [pid 3064141] [client 79.50.106.79:53790] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpO8s62Xc3wODMm1er7AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.878176 2022] [:error] [pid 3064141] [client 79.50.106.79:53790] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpO8s62Xc3wODMm1er7AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:44:27.878340 2022] [:error] [pid 3064141] [client 79.50.106.79:53790] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpO8s62Xc3wODMm1er7AAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.617150 2022] [:error] [pid 3064141] [client 79.50.106.79:53868] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tpc8s62Xc3wODMm1er8gAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.619124 2022] [:error] [pid 3064141] [client 79.50.106.79:53868] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tpc8s62Xc3wODMm1er8gAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.619340 2022] [:error] [pid 3064141] [client 79.50.106.79:53868] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tpc8s62Xc3wODMm1er8gAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.624802 2022] [:error] [pid 3065221] [client 79.50.106.79:53867] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tpc8a67ICUnU3pizapeAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.626703 2022] [:error] [pid 3065221] [client 79.50.106.79:53867] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tpc8a67ICUnU3pizapeAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:45:23.626905 2022] [:error] [pid 3065221] [client 79.50.106.79:53867] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Tpc8a67ICUnU3pizapeAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.562384 2022] [:error] [pid 3064782] [client 79.50.106.79:53931] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpvZxMteM6atk@eiFZ3AAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.563907 2022] [:error] [pid 3064782] [client 79.50.106.79:53931] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpvZxMteM6atk@eiFZ3AAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.564215 2022] [:error] [pid 3064782] [client 79.50.106.79:53931] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TpvZxMteM6atk@eiFZ3AAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.570903 2022] [:error] [pid 3059382] [client 79.50.106.79:53932] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpvQSMrgzGvRfFdemJjQAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.573049 2022] [:error] [pid 3059382] [client 79.50.106.79:53932] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpvQSMrgzGvRfFdemJjQAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:46:37.573247 2022] [:error] [pid 3059382] [client 79.50.106.79:53932] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TpvQSMrgzGvRfFdemJjQAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:48:11.423107 2022] [:error] [pid 3064141] [client 79.50.106.79:53991] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TqG8s62Xc3wODMm1esBAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:48:11.424576 2022] [:error] [pid 3064141] [client 79.50.106.79:53991] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TqG8s62Xc3wODMm1esBAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:48:11.424735 2022] [:error] [pid 3064141] [client 79.50.106.79:53991] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TqG8s62Xc3wODMm1esBAAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:48:11.460576 2022] [:error] [pid 3059382] [client 79.50.106.79:53996] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TqGwSMrgzGvRfFdemJkwAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:48:11.462164 2022] [:error] [pid 3059382] [client 79.50.106.79:53996] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TqGwSMrgzGvRfFdemJkwAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:48:11.462340 2022] [:error] [pid 3059382] [client 79.50.106.79:53996] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3TqGwSMrgzGvRfFdemJkwAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=632349141fbeef5e72aae4df
[Wed Nov 16 14:54:47.615322 2022] [:error] [pid 3064827] [client 79.50.106.79:54342] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Trp1O83@qk7GahsDm-VAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:54:47.617276 2022] [:error] [pid 3064827] [client 79.50.106.79:54342] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Trp1O83@qk7GahsDm-VAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:54:47.617499 2022] [:error] [pid 3064827] [client 79.50.106.79:54342] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Trp1O83@qk7GahsDm-VAAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:54:47.623094 2022] [:error] [pid 3063132] [client 79.50.106.79:54343] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Trp83Il@SUkKT3nm0tnQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:54:47.624573 2022] [:error] [pid 3063132] [client 79.50.106.79:54343] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Trp83Il@SUkKT3nm0tnQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:54:47.624754 2022] [:error] [pid 3063132] [client 79.50.106.79:54343] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3Trp83Il@SUkKT3nm0tnQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 14:58:55.967629 2022] [:error] [pid 3064141] [client 79.50.106.79:54701] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tsn8s62Xc3wODMm1esCwAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 14:58:55.969046 2022] [:error] [pid 3064141] [client 79.50.106.79:54701] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tsn8s62Xc3wODMm1esCwAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 14:58:55.969277 2022] [:error] [pid 3064141] [client 79.50.106.79:54701] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tsn8s62Xc3wODMm1esCwAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 14:58:55.978018 2022] [:error] [pid 3065230] [client 79.50.106.79:54704] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3Tsn-9kR9ucGwRNx56VvQAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 14:58:55.978970 2022] [:error] [pid 3065230] [client 79.50.106.79:54704] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3Tsn-9kR9ucGwRNx56VvQAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 14:58:55.979137 2022] [:error] [pid 3065230] [client 79.50.106.79:54704] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3Tsn-9kR9ucGwRNx56VvQAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:19.205703 2022] [:error] [pid 3065418] [client 79.50.106.79:55412] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TuW5C0OPqnUi98lF8v4wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:19.207325 2022] [:error] [pid 3065418] [client 79.50.106.79:55412] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TuW5C0OPqnUi98lF8v4wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:19.207508 2022] [:error] [pid 3065418] [client 79.50.106.79:55412] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TuW5C0OPqnUi98lF8v4wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:19.210109 2022] [:error] [pid 3065230] [client 79.50.106.79:55411] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TuW-9kR9ucGwRNx56VwgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:19.211704 2022] [:error] [pid 3065230] [client 79.50.106.79:55411] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TuW-9kR9ucGwRNx56VwgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:19.211882 2022] [:error] [pid 3065230] [client 79.50.106.79:55411] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TuW-9kR9ucGwRNx56VwgAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:06:41.729900 2022] [:error] [pid 3065435] [client 79.50.106.79:55437] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TucQgv6P@Rr0u2vC23SwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:41.731704 2022] [:error] [pid 3065435] [client 79.50.106.79:55437] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TucQgv6P@Rr0u2vC23SwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:41.731957 2022] [:error] [pid 3065435] [client 79.50.106.79:55437] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TucQgv6P@Rr0u2vC23SwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:41.733176 2022] [:error] [pid 3065418] [client 79.50.106.79:55436] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3TucZC0OPqnUi98lF8v5wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:41.734032 2022] [:error] [pid 3065418] [client 79.50.106.79:55436] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3TucZC0OPqnUi98lF8v5wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:06:41.734197 2022] [:error] [pid 3065418] [client 79.50.106.79:55436] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374ec7d7393c119b21d4c5d"] [unique_id "Y3TucZC0OPqnUi98lF8v5wAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374ec7d7393c119b21d4c5d
[Wed Nov 16 15:08:41.089567 2022] [:error] [pid 3064141] [client 79.50.106.79:56442] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tu6cs62Xc3wODMm1esGQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:08:41.090534 2022] [:error] [pid 3064141] [client 79.50.106.79:56442] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tu6cs62Xc3wODMm1esGQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:08:41.090688 2022] [:error] [pid 3064141] [client 79.50.106.79:56442] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3Tu6cs62Xc3wODMm1esGQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:08:41.098285 2022] [:error] [pid 3056937] [client 79.50.106.79:56443] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374eeb5a558e1c25b2adfff"] [unique_id "Y3Tu6bVrfYiC6Hkc-QnDIAAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:08:41.099334 2022] [:error] [pid 3056937] [client 79.50.106.79:56443] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374eeb5a558e1c25b2adfff"] [unique_id "Y3Tu6bVrfYiC6Hkc-QnDIAAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:08:41.099495 2022] [:error] [pid 3056937] [client 79.50.106.79:56443] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6374eeb5a558e1c25b2adfff"] [unique_id "Y3Tu6bVrfYiC6Hkc-QnDIAAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6374eeb5a558e1c25b2adfff
[Wed Nov 16 15:16:36.272480 2022] [:error] [pid 3066834] [client 79.50.106.79:57242] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TwxKGN8oVzFm5feQ6SyQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:16:36.274098 2022] [:error] [pid 3066834] [client 79.50.106.79:57242] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TwxKGN8oVzFm5feQ6SyQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:16:36.274299 2022] [:error] [pid 3066834] [client 79.50.106.79:57242] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TwxKGN8oVzFm5feQ6SyQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:16:36.287476 2022] [:error] [pid 3066832] [client 79.50.106.79:57243] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TwxAP5cID5RWuBgvahcgAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:16:36.289679 2022] [:error] [pid 3066832] [client 79.50.106.79:57243] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TwxAP5cID5RWuBgvahcgAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:16:36.289927 2022] [:error] [pid 3066832] [client 79.50.106.79:57243] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TwxAP5cID5RWuBgvahcgAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;partnerId=63183b1675134bd17edc6a61;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 15:17:43.966911 2022] [:error] [pid 3066834] [client 77.83.112.61:41106] [client 77.83.112.61] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TxB6GN8oVzFm5feQ6S0AAAAA8"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 15:17:43.968503 2022] [:error] [pid 3066834] [client 77.83.112.61:41106] [client 77.83.112.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TxB6GN8oVzFm5feQ6S0AAAAA8"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 15:17:43.968666 2022] [:error] [pid 3066834] [client 77.83.112.61:41106] [client 77.83.112.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3TxB6GN8oVzFm5feQ6S0AAAAA8"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 15:17:43.968853 2022] [:error] [pid 3056937] [client 77.83.112.61:41105] [client 77.83.112.61] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TxB7VrfYiC6Hkc-QnDMAAAAAU"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 15:17:43.970398 2022] [:error] [pid 3056937] [client 77.83.112.61:41105] [client 77.83.112.61] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TxB7VrfYiC6Hkc-QnDMAAAAAU"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 15:17:43.970576 2022] [:error] [pid 3056937] [client 77.83.112.61:41105] [client 77.83.112.61] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3TxB7VrfYiC6Hkc-QnDMAAAAAU"], referer: http://pms.test.indacotrentino.com/admin/editProduct;productId=6322f4392b28d1270d9d338a;partnerId=63183b1675134bd17edc6a61
[Wed Nov 16 16:34:58.124299 2022] [:error] [pid 3067496] [client 79.50.106.79:63462] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UDIpL5ePKtVxmWWKoU2gAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:34:58.126049 2022] [:error] [pid 3067496] [client 79.50.106.79:63462] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UDIpL5ePKtVxmWWKoU2gAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:34:58.126258 2022] [:error] [pid 3067496] [client 79.50.106.79:63462] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UDIpL5ePKtVxmWWKoU2gAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:34:58.131972 2022] [:error] [pid 3066850] [client 79.50.106.79:63463] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UDIrvplJyXdgehhjBD1gAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:34:58.133574 2022] [:error] [pid 3066850] [client 79.50.106.79:63463] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UDIrvplJyXdgehhjBD1gAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:34:58.133758 2022] [:error] [pid 3066850] [client 79.50.106.79:63463] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UDIrvplJyXdgehhjBD1gAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.054860 2022] [:error] [pid 3066832] [client 79.50.106.79:64041] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UG1gP5cID5RWuBgvahjAAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.056553 2022] [:error] [pid 3066832] [client 79.50.106.79:64041] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UG1gP5cID5RWuBgvahjAAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.056726 2022] [:error] [pid 3066832] [client 79.50.106.79:64041] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UG1gP5cID5RWuBgvahjAAAAA0"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.057457 2022] [:error] [pid 3066834] [client 79.50.106.79:64045] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UG1qGN8oVzFm5feQ6S3gAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.058825 2022] [:error] [pid 3066834] [client 79.50.106.79:64045] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UG1qGN8oVzFm5feQ6S3gAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:50:46.058974 2022] [:error] [pid 3066834] [client 79.50.106.79:64045] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UG1qGN8oVzFm5feQ6S3gAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.048728 2022] [:error] [pid 3056937] [client 79.50.106.79:64638] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIQLVrfYiC6Hkc-QnDQgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.050412 2022] [:error] [pid 3056937] [client 79.50.106.79:64638] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIQLVrfYiC6Hkc-QnDQgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.050591 2022] [:error] [pid 3056937] [client 79.50.106.79:64638] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIQLVrfYiC6Hkc-QnDQgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.057647 2022] [:error] [pid 3064141] [client 79.50.106.79:64639] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIQMs62Xc3wODMm1esRQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.059836 2022] [:error] [pid 3064141] [client 79.50.106.79:64639] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIQMs62Xc3wODMm1esRQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:48.060037 2022] [:error] [pid 3064141] [client 79.50.106.79:64639] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIQMs62Xc3wODMm1esRQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:56:59.907767 2022] [:error] [pid 3066850] [client 79.50.106.79:64650] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIS7vplJyXdgehhjBD3wAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:56:59.908769 2022] [:error] [pid 3066850] [client 79.50.106.79:64650] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIS7vplJyXdgehhjBD3wAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:56:59.908931 2022] [:error] [pid 3066850] [client 79.50.106.79:64650] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIS7vplJyXdgehhjBD3wAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:56:59.911174 2022] [:error] [pid 3067503] [client 79.50.106.79:64649] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/633595cbaa53d5fcfd2a19f5"] [unique_id "Y3UIS-DPbGhz0AyC-1jBCwAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:56:59.912276 2022] [:error] [pid 3067503] [client 79.50.106.79:64649] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/633595cbaa53d5fcfd2a19f5"] [unique_id "Y3UIS-DPbGhz0AyC-1jBCwAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:56:59.912437 2022] [:error] [pid 3067503] [client 79.50.106.79:64649] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/633595cbaa53d5fcfd2a19f5"] [unique_id "Y3UIS-DPbGhz0AyC-1jBCwAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=633595cbaa53d5fcfd2a19f5
[Wed Nov 16 16:58:19.614678 2022] [:error] [pid 3067496] [client 79.50.106.79:64790] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIm5L5ePKtVxmWWKoU4wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:58:19.617083 2022] [:error] [pid 3067496] [client 79.50.106.79:64790] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIm5L5ePKtVxmWWKoU4wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:58:19.617293 2022] [:error] [pid 3067496] [client 79.50.106.79:64790] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UIm5L5ePKtVxmWWKoU4wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:58:19.619009 2022] [:error] [pid 3066822] [client 79.50.106.79:64791] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIm57x8d0b9bXYqxYz4wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:58:19.620365 2022] [:error] [pid 3066822] [client 79.50.106.79:64791] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIm57x8d0b9bXYqxYz4wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 16:58:19.620500 2022] [:error] [pid 3066822] [client 79.50.106.79:64791] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UIm57x8d0b9bXYqxYz4wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.763338 2022] [:error] [pid 3064782] [client 79.50.106.79:65241] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJeJxMteM6atk@eiFaLAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.765121 2022] [:error] [pid 3064782] [client 79.50.106.79:65241] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJeJxMteM6atk@eiFaLAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.765354 2022] [:error] [pid 3064782] [client 79.50.106.79:65241] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJeJxMteM6atk@eiFaLAAAAAI"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.771090 2022] [:error] [pid 3067503] [client 79.50.106.79:65237] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJePDPbGhz0AyC-1jBFQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.772692 2022] [:error] [pid 3067503] [client 79.50.106.79:65237] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJePDPbGhz0AyC-1jBFQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:02:00.772917 2022] [:error] [pid 3067503] [client 79.50.106.79:65237] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJePDPbGhz0AyC-1jBFQAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:19.998913 2022] [:error] [pid 3064141] [client 79.50.106.79:65294] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJx8s62Xc3wODMm1esVQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:20.000550 2022] [:error] [pid 3064141] [client 79.50.106.79:65294] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJx8s62Xc3wODMm1esVQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:20.000760 2022] [:error] [pid 3064141] [client 79.50.106.79:65294] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UJx8s62Xc3wODMm1esVQAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:20.005712 2022] [:error] [pid 3066834] [client 79.50.106.79:65290] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJyKGN8oVzFm5feQ6S7QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:20.007135 2022] [:error] [pid 3066834] [client 79.50.106.79:65290] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJyKGN8oVzFm5feQ6S7QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:03:20.007307 2022] [:error] [pid 3066834] [client 79.50.106.79:65290] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UJyKGN8oVzFm5feQ6S7QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.102335 2022] [:error] [pid 3067496] [client 79.50.106.79:55279] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UMQZL5ePKtVxmWWKoU6wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.103797 2022] [:error] [pid 3067496] [client 79.50.106.79:55279] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UMQZL5ePKtVxmWWKoU6wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.104011 2022] [:error] [pid 3067496] [client 79.50.106.79:55279] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UMQZL5ePKtVxmWWKoU6wAAAAQ"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.109931 2022] [:error] [pid 3068383] [client 79.50.106.79:55280] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UMQVdzB8GYEBKzeMgTsAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.111407 2022] [:error] [pid 3068383] [client 79.50.106.79:55280] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UMQVdzB8GYEBKzeMgTsAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:13:53.111580 2022] [:error] [pid 3068383] [client 79.50.106.79:55280] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UMQVdzB8GYEBKzeMgTsAAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.257837 2022] [:error] [pid 3068383] [client 79.50.106.79:56205] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNnVdzB8GYEBKzeMgTtgAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.260011 2022] [:error] [pid 3068383] [client 79.50.106.79:56205] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNnVdzB8GYEBKzeMgTtgAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.260267 2022] [:error] [pid 3068383] [client 79.50.106.79:56205] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNnVdzB8GYEBKzeMgTtgAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.270622 2022] [:error] [pid 3066834] [client 79.50.106.79:56204] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNnaGN8oVzFm5feQ6S9QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.272144 2022] [:error] [pid 3066834] [client 79.50.106.79:56204] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNnaGN8oVzFm5feQ6S9QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:41.272358 2022] [:error] [pid 3066834] [client 79.50.106.79:56204] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNnaGN8oVzFm5feQ6S9QAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.368416 2022] [:error] [pid 3064141] [client 79.50.106.79:56219] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNrcs62Xc3wODMm1esXgAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.370061 2022] [:error] [pid 3064141] [client 79.50.106.79:56219] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNrcs62Xc3wODMm1esXgAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.370224 2022] [:error] [pid 3064141] [client 79.50.106.79:56219] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UNrcs62Xc3wODMm1esXgAAAAc"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.376500 2022] [:error] [pid 3066822] [client 79.50.106.79:56218] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNrZ7x8d0b9bXYqxYz9wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.377968 2022] [:error] [pid 3066822] [client 79.50.106.79:56218] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNrZ7x8d0b9bXYqxYz9wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:19:57.378117 2022] [:error] [pid 3066822] [client 79.50.106.79:56218] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UNrZ7x8d0b9bXYqxYz9wAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:22:32.312850 2022] [:error] [pid 3066834] [client 79.50.106.79:52006] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOSKGN8oVzFm5feQ6S@gAAAA8"]
[Wed Nov 16 17:22:32.314170 2022] [:error] [pid 3066834] [client 79.50.106.79:52006] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOSKGN8oVzFm5feQ6S@gAAAA8"]
[Wed Nov 16 17:22:32.314328 2022] [:error] [pid 3066834] [client 79.50.106.79:52006] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOSKGN8oVzFm5feQ6S@gAAAA8"]
[Wed Nov 16 17:22:56.627336 2022] [:error] [pid 3067496] [client 79.50.106.79:55462] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOYJL5ePKtVxmWWKoU9gAAAAQ"]
[Wed Nov 16 17:22:56.629052 2022] [:error] [pid 3067496] [client 79.50.106.79:55462] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOYJL5ePKtVxmWWKoU9gAAAAQ"]
[Wed Nov 16 17:22:56.629298 2022] [:error] [pid 3067496] [client 79.50.106.79:55462] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOYJL5ePKtVxmWWKoU9gAAAAQ"]
[Wed Nov 16 17:23:21.513080 2022] [:error] [pid 3068383] [client 79.50.106.79:55479] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOeVdzB8GYEBKzeMgTugAAAAA"]
[Wed Nov 16 17:23:21.514401 2022] [:error] [pid 3068383] [client 79.50.106.79:55479] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOeVdzB8GYEBKzeMgTugAAAAA"]
[Wed Nov 16 17:23:21.514564 2022] [:error] [pid 3068383] [client 79.50.106.79:55479] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOeVdzB8GYEBKzeMgTugAAAAA"]
[Wed Nov 16 17:23:29.436684 2022] [:error] [pid 3066832] [client 79.50.106.79:55485] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOgQP5cID5RWuBgvahqAAAAA0"]
[Wed Nov 16 17:23:29.437998 2022] [:error] [pid 3066832] [client 79.50.106.79:55485] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOgQP5cID5RWuBgvahqAAAAA0"]
[Wed Nov 16 17:23:29.438183 2022] [:error] [pid 3066832] [client 79.50.106.79:55485] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOgQP5cID5RWuBgvahqAAAAA0"]
[Wed Nov 16 17:23:47.930683 2022] [:error] [pid 3064782] [client 79.50.106.79:55502] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOk5xMteM6atk@eiFaQAAAAAI"]
[Wed Nov 16 17:23:47.932091 2022] [:error] [pid 3064782] [client 79.50.106.79:55502] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOk5xMteM6atk@eiFaQAAAAAI"]
[Wed Nov 16 17:23:47.932304 2022] [:error] [pid 3064782] [client 79.50.106.79:55502] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UOk5xMteM6atk@eiFaQAAAAAI"]
[Wed Nov 16 17:26:14.331344 2022] [:error] [pid 3067503] [client 79.50.106.79:51726] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UPJvDPbGhz0AyC-1jBLgAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:26:14.333077 2022] [:error] [pid 3067503] [client 79.50.106.79:51726] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UPJvDPbGhz0AyC-1jBLgAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:26:14.333258 2022] [:error] [pid 3067503] [client 79.50.106.79:51726] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3UPJvDPbGhz0AyC-1jBLgAAAAY"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:26:14.342414 2022] [:error] [pid 3066834] [client 79.50.106.79:51724] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UPJqGN8oVzFm5feQ6TBQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:26:14.343974 2022] [:error] [pid 3066834] [client 79.50.106.79:51724] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UPJqGN8oVzFm5feQ6TBQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:26:14.344163 2022] [:error] [pid 3066834] [client 79.50.106.79:51724] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UPJqGN8oVzFm5feQ6TBQAAAA8"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Wed Nov 16 17:29:20.091157 2022] [:error] [pid 3068383] [client 79.50.106.79:53349] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UP4FdzB8GYEBKzeMgTvwAAAAA"]
[Wed Nov 16 17:29:20.092509 2022] [:error] [pid 3068383] [client 79.50.106.79:53349] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UP4FdzB8GYEBKzeMgTvwAAAAA"]
[Wed Nov 16 17:29:20.092673 2022] [:error] [pid 3068383] [client 79.50.106.79:53349] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3UP4FdzB8GYEBKzeMgTvwAAAAA"]
[Wed Nov 16 17:35:21.302627 2022] [:error] [pid 3065418] [client 79.50.106.79:54179] [client 79.50.106.79] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3URSZC0OPqnUi98lF8wKQAAAAo"]
[Wed Nov 16 17:35:21.307733 2022] [:error] [pid 3065418] [client 79.50.106.79:54179] [client 79.50.106.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3URSZC0OPqnUi98lF8wKQAAAAo"]
[Wed Nov 16 17:35:21.307900 2022] [:error] [pid 3065418] [client 79.50.106.79:54179] [client 79.50.106.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3URSZC0OPqnUi98lF8wKQAAAAo"]
[Mon Nov 21 12:25:54.094224 2022] [proxy:error] [pid 3139684] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Mon Nov 21 12:25:54.094256 2022] [proxy_http:error] [pid 3139684] [client 79.50.106.79:56438] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/sales-summary
[Mon Nov 21 12:25:54.095373 2022] [proxy:error] [pid 3147081] (111)Connection refused: AH00957: HTTP: attempt to connect to 127.0.0.1:3000 (127.0.0.1) failed
[Mon Nov 21 12:25:54.095391 2022] [proxy_http:error] [pid 3147081] [client 79.50.106.79:56439] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: http://pms.test.indacotrentino.com/sales-summary
[Tue Nov 22 14:27:27.734208 2022] [:error] [pid 3738] [client 213.21.147.71:59507] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zOP-1mbVy@ZIv4kzPofwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 14:27:27.736306 2022] [:error] [pid 3740] [client 213.21.147.71:59506] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zOP7n4FDtsUtlPV28-uQAAAAw"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 14:27:27.737481 2022] [:error] [pid 3740] [client 213.21.147.71:59506] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zOP7n4FDtsUtlPV28-uQAAAAw"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 14:27:27.737525 2022] [:error] [pid 3738] [client 213.21.147.71:59507] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zOP-1mbVy@ZIv4kzPofwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 14:27:27.737657 2022] [:error] [pid 3740] [client 213.21.147.71:59506] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zOP7n4FDtsUtlPV28-uQAAAAw"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 14:27:27.737699 2022] [:error] [pid 3738] [client 213.21.147.71:59507] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zOP-1mbVy@ZIv4kzPofwAAAAo"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.165784 2022] [:error] [pid 4580] [client 213.21.147.71:63228] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zcIJIdcqHjnf0j7qMKPwAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.167041 2022] [:error] [pid 4580] [client 213.21.147.71:63228] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zcIJIdcqHjnf0j7qMKPwAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.167778 2022] [:error] [pid 4563] [client 213.21.147.71:63230] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zcIPxjaG1l0eYIv6XyNwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.169171 2022] [:error] [pid 4563] [client 213.21.147.71:63230] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zcIPxjaG1l0eYIv6XyNwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.169311 2022] [:error] [pid 4563] [client 213.21.147.71:63230] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zcIPxjaG1l0eYIv6XyNwAAAAA"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:26:40.169713 2022] [:error] [pid 4580] [client 213.21.147.71:63228] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zcIJIdcqHjnf0j7qMKPwAAAAg"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:07.234346 2022] [core:alert] [pid 4566] [client 213.21.147.71:63558] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indaco.store/
[Tue Nov 22 15:30:07.670813 2022] [core:alert] [pid 4564] [client 213.21.147.71:63559] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/sales-summary
[Tue Nov 22 15:30:19.234783 2022] [core:alert] [pid 4567] [client 213.21.147.71:63572] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/home
[Tue Nov 22 15:30:21.205235 2022] [core:alert] [pid 4581] [client 213.21.147.71:63575] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/catalogue
[Tue Nov 22 15:30:24.657576 2022] [core:alert] [pid 4573] [client 213.21.147.71:63574] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.520192 2022] [:error] [pid 4566] [client 213.21.147.71:63580] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdAwuwZWMyOVmcFRf81wAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.520546 2022] [:error] [pid 4564] [client 213.21.147.71:63581] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zdAxaxjVYdRzpbLTF42gAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.521659 2022] [:error] [pid 4566] [client 213.21.147.71:63580] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdAwuwZWMyOVmcFRf81wAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.521808 2022] [:error] [pid 4566] [client 213.21.147.71:63580] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdAwuwZWMyOVmcFRf81wAAAAM"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.521987 2022] [:error] [pid 4564] [client 213.21.147.71:63581] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zdAxaxjVYdRzpbLTF42gAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.522222 2022] [:error] [pid 4564] [client 213.21.147.71:63581] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/6322f4392b28d1270d9d338a"] [unique_id "Y3zdAxaxjVYdRzpbLTF42gAAAAE"], referer: http://pms.test.indacotrentino.com/editProduct;productId=6322f4392b28d1270d9d338a
[Tue Nov 22 15:30:27.727215 2022] [core:alert] [pid 4563] [client 213.21.147.71:63579] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/catalogue
[Tue Nov 22 15:30:44.913321 2022] [core:alert] [pid 4567] [client 213.21.147.71:63601] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:45.097778 2022] [core:alert] [pid 4563] [client 213.21.147.71:63603] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.957276 2022] [:error] [pid 4706] [client 213.21.147.71:63605] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdFs35u4tX6MmaFdniHgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.958532 2022] [:error] [pid 4706] [client 213.21.147.71:63605] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdFs35u4tX6MmaFdniHgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.958779 2022] [:error] [pid 4706] [client 213.21.147.71:63605] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/updateInventory/"] [unique_id "Y3zdFs35u4tX6MmaFdniHgAAAAU"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.961069 2022] [:error] [pid 4581] [client 213.21.147.71:63604] [client 213.21.147.71] ModSecurity: Warning. Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "45"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/METHOD_NOT_ALLOWED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "OWASP_AppSensor/RE1"] [tag "PCI/12.1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3zdFjw89QgEJK-Zh5eBPAAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.962350 2022] [:error] [pid 4581] [client 213.21.147.71:63604] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3zdFjw89QgEJK-Zh5eBPAAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:46.962508 2022] [:error] [pid 4581] [client 213.21.147.71:63604] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/partners/63183b1675134bd17edc6a61/products/632349141fbeef5e72aae4df"] [unique_id "Y3zdFjw89QgEJK-Zh5eBPAAAAAk"], referer: http://pms.test.indacotrentino.com/editProduct;productId=632349141fbeef5e72aae4df
[Tue Nov 22 15:30:47.292160 2022] [core:alert] [pid 4581] [client 213.21.147.71:63604] /var/www/pms.test.indaco.store/www/.htaccess: </LimitExcept> directive missing closing '>', referer: http://pms.test.indacotrentino.com/catalogue
[Wed Nov 23 09:40:52.729458 2022] [proxy_http:error] [pid 14717] (104)Connection reset by peer: [client 79.22.176.21:59679] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editProduct;productId=6335957daa53d5fcfd2a19bb
[Fri Dec 23 11:27:04.130080 2022] [negotiation:error] [pid 448142] [client 36.255.223.48:44672] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/im (None could be negotiated)., referer: http://pms.test.indacotrentino.com/im/
[Fri Dec 23 11:27:05.161533 2022] [negotiation:error] [pid 448143] [client 36.255.223.48:45982] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/im (None could be negotiated)., referer: http://pms.test.indacotrentino.com/im/h5/
[Fri Dec 23 11:27:08.375860 2022] [negotiation:error] [pid 448141] [client 36.255.223.48:46684] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/im (None could be negotiated)., referer: http://pms.test.indacotrentino.com/im/in/GetUuid
[Fri Dec 23 11:27:08.397661 2022] [negotiation:error] [pid 449903] [client 36.255.223.48:46452] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/im (None could be negotiated)., referer: http://pms.test.indacotrentino.com/im/App/config
[Fri Dec 23 11:27:18.639242 2022] [negotiation:error] [pid 449903] [client 36.255.223.48:46452] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/ws (None could be negotiated)., referer: http://pms.test.indacotrentino.com/ws/index/getTheLotteryInitList
[Fri Dec 23 11:27:19.970138 2022] [negotiation:error] [pid 444301] [client 36.255.223.48:45660] AH00687: Negotiation: discovered file(s) matching request: /var/www/pms.test.indaco.store/www/mg (None could be negotiated)., referer: http://pms.test.indacotrentino.com/mg/other/codepay/js/codepay_util.js
[Tue Feb 28 09:43:26.780584 2023] [proxy_http:error] [pid 1479276] (104)Connection reset by peer: [client 213.21.147.71:50264] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/catalogue
[Wed Mar 22 14:21:42.501333 2023] [proxy_http:error] [pid 1828067] (70007)The timeout specified has expired: [client 37.186.136.246:63476] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641aff89d950840eb9b5380b
[Wed Mar 22 14:21:42.506478 2023] [proxy:error] [pid 1828067] [client 37.186.136.246:63476] AH00898: Error reading from remote server returned by /rest/media/641aff89d950840eb9b5380b, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641aff89d950840eb9b5380b
[Wed Mar 22 14:22:34.283768 2023] [proxy_http:error] [pid 1828083] (70007)The timeout specified has expired: [client 37.186.136.246:63500] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641afe3ed950840eb9b537a7
[Wed Mar 22 14:22:34.283839 2023] [proxy:error] [pid 1828083] [client 37.186.136.246:63500] AH00898: Error reading from remote server returned by /rest/media/641afe3ed950840eb9b537a7, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641afe3ed950840eb9b537a7
[Wed Mar 22 16:36:11.996583 2023] [proxy_http:error] [pid 1829319] (70007)The timeout specified has expired: [client 37.186.136.246:51177] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641b1f22526d29a110e1d3d6
[Wed Mar 22 16:36:11.996648 2023] [proxy:error] [pid 1829319] [client 37.186.136.246:51177] AH00898: Error reading from remote server returned by /rest/media/641b1f22526d29a110e1d3d6, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641b1f22526d29a110e1d3d6
[Wed Mar 22 16:36:41.025255 2023] [proxy_http:error] [pid 1828130] (70007)The timeout specified has expired: [client 37.186.136.246:51191] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641b1eb3d950840eb9b539a4
[Wed Mar 22 16:36:41.025308 2023] [proxy:error] [pid 1828130] [client 37.186.136.246:51191] AH00898: Error reading from remote server returned by /rest/media/641b1eb3d950840eb9b539a4, referer: http://pms.test.indacotrentino.com/editReference;referenceId=641b1eb3d950840eb9b539a4
[Fri Apr 21 14:59:33.837244 2023] [proxy_http:error] [pid 2287500] (70007)The timeout specified has expired: [client 5.92.117.99:30576] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=6442861add0917a3f84b513a
[Fri Apr 21 14:59:33.839595 2023] [proxy:error] [pid 2287500] [client 5.92.117.99:30576] AH00898: Error reading from remote server returned by /rest/media/6442861add0917a3f84b513a, referer: http://pms.test.indacotrentino.com/editReference;referenceId=6442861add0917a3f84b513a
[Fri Apr 21 15:32:17.017254 2023] [proxy_http:error] [pid 2289685] (70007)The timeout specified has expired: [client 37.161.132.206:50905] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=64428eea9c6d1528a8d96e6a
[Fri Apr 21 15:32:17.017328 2023] [proxy:error] [pid 2289685] [client 37.161.132.206:50905] AH00898: Error reading from remote server returned by /rest/partners/6419bc8fd950840eb9b530a5/products/64428eea9c6d1528a8d96e6a, referer: http://pms.test.indacotrentino.com/editReference;referenceId=64428eea9c6d1528a8d96e6a
[Wed May 03 17:22:59.758257 2023] [proxy_http:error] [pid 2485119] (70007)The timeout specified has expired: [client 79.20.109.100:60902] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: http://pms.test.indacotrentino.com/editReference;referenceId=644bd045b4d5788bc848936a
[Wed May 03 17:22:59.760408 2023] [proxy:error] [pid 2485119] [client 79.20.109.100:60902] AH00898: Error reading from remote server returned by /rest/media/644bd045b4d5788bc848936a, referer: http://pms.test.indacotrentino.com/editReference;referenceId=644bd045b4d5788bc848936a
[Mon May 08 11:16:43.555888 2023] [:error] [pid 2556286] [client 91.213.50.8:52174] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFi9@87yo4@MZ0aEJRRiMQAAAAo"]
[Mon May 08 11:16:43.556158 2023] [:error] [pid 2556286] [client 91.213.50.8:52174] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFi9@87yo4@MZ0aEJRRiMQAAAAo"]
[Mon May 08 11:16:43.556393 2023] [:error] [pid 2556286] [client 91.213.50.8:52174] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFi9@87yo4@MZ0aEJRRiMQAAAAo"]
[Tue May 09 10:08:02.468798 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "[\\\\n\\\\r]" at ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "166"] [id "921150"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)"] [data "Matched Data: \\x0a found within ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/HEADER_INJECTION"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470132 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]* ..." at ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ;echo join(\\x22\\x0a\\x22,$colm);die found within ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTI [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470250 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "258"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ;echo found within ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-windows"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC- [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470393 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "67"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('cmd.exe /c echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470474 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "133"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470524 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "199"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.470618 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die() found within ARGS_NAMES:<?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('cmd.exe /C echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injectio [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.471289 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 35)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.471472 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 35 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=20,HTTP=5,SESS=0): individual paranoia level scores: 35, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6gAAAAk"]
[Tue May 09 10:08:02.484620 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "[\\\\n\\\\r]" at ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "166"] [id "921150"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)"] [data "Matched Data: \\x0a found within ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/HEADER_INJECTION"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.484793 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]* ..." at ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ;echo join(\\x22\\x0a\\x22,$colm);die found within ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.484889 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "258"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ;echo found within ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-windows"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.485023 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "67"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.485087 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "133"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.485130 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)php://(?:std(?:in|out|err)|(?:in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "199"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=1 -d auto_prepend_file=php://input: -d allow_url_include=1 -d auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.485237 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join("\\n",$colm);die();?>. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die() found within ARGS_NAMES:<?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x5cn\\x22,$colm);die();?>: <?php exec('echo uizwcdcq9800cqkm2lyq',$colm);echo join(\\x22\\x0a\\x22,$colm);die();?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WE [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.485903 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 35)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:02.486095 2023] [:error] [pid 2564796] [client 213.21.147.71:52023] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 35 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=10,PHPI=20,HTTP=5,SESS=0): individual paranoia level scores: 35, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home"] [unique_id "ZFn-Ykwf-WPWf2U@Ko2p6wAAAAk"]
[Tue May 09 10:08:49.027339 2023] [:error] [pid 2571515] [client 213.21.147.71:52122] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/elmah.axd"] [unique_id "ZFn-kfL6YdC63eY1GExiuQAAAAw"]
[Tue May 09 10:08:49.027789 2023] [:error] [pid 2571515] [client 213.21.147.71:52122] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/elmah.axd"] [unique_id "ZFn-kfL6YdC63eY1GExiuQAAAAw"]
[Tue May 09 10:08:49.028010 2023] [:error] [pid 2571515] [client 213.21.147.71:52122] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/elmah.axd"] [unique_id "ZFn-kfL6YdC63eY1GExiuQAAAAw"]
[Tue May 09 10:08:49.030303 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "ZFn-kbclbae1yinrQt9OswAAAAY"]
[Tue May 09 10:08:49.030658 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "ZFn-kbclbae1yinrQt9OswAAAAY"]
[Tue May 09 10:08:49.030863 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/trace.axd"] [unique_id "ZFn-kbclbae1yinrQt9OswAAAAY"]
[Tue May 09 10:08:49.043286 2023] [authz_core:error] [pid 2571526] [client 213.21.147.71:52121] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Tue May 09 10:08:49.069940 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZFn-kbclbae1yinrQt9OtQAAAAY"]
[Tue May 09 10:08:49.070186 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZFn-kbclbae1yinrQt9OtQAAAAY"]
[Tue May 09 10:08:49.070386 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZFn-kbclbae1yinrQt9OtQAAAAY"]
[Tue May 09 10:08:49.114536 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/webservers.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/WebServers.xml"] [unique_id "ZFn-kbclbae1yinrQt9OtwAAAAY"]
[Tue May 09 10:08:49.114773 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/WebServers.xml"] [unique_id "ZFn-kbclbae1yinrQt9OtwAAAAY"]
[Tue May 09 10:08:49.114997 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/WebServers.xml"] [unique_id "ZFn-kbclbae1yinrQt9OtwAAAAY"]
[Tue May 09 10:08:49.140645 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "ZFn-kbclbae1yinrQt9OuQAAAAY"]
[Tue May 09 10:08:49.140876 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "ZFn-kbclbae1yinrQt9OuQAAAAY"]
[Tue May 09 10:08:49.141086 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "ZFn-kbclbae1yinrQt9OuQAAAAY"]
[Tue May 09 10:08:49.154042 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFn-kbclbae1yinrQt9OugAAAAY"]
[Tue May 09 10:08:49.154267 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFn-kbclbae1yinrQt9OugAAAAY"]
[Tue May 09 10:08:49.154459 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZFn-kbclbae1yinrQt9OugAAAAY"]
[Tue May 09 10:08:49.166417 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "ZFn-kbclbae1yinrQt9OuwAAAAY"]
[Tue May 09 10:08:49.166641 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "ZFn-kbclbae1yinrQt9OuwAAAAY"]
[Tue May 09 10:08:49.166851 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "ZFn-kbclbae1yinrQt9OuwAAAAY"]
[Tue May 09 10:08:49.178509 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZFn-kbclbae1yinrQt9OvAAAAAY"]
[Tue May 09 10:08:49.178654 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZFn-kbclbae1yinrQt9OvAAAAAY"]
[Tue May 09 10:08:49.178860 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZFn-kbclbae1yinrQt9OvAAAAAY"]
[Tue May 09 10:08:49.179048 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZFn-kbclbae1yinrQt9OvAAAAAY"]
[Tue May 09 10:08:49.204116 2023] [authz_core:error] [pid 2571526] [client 213.21.147.71:52121] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Tue May 09 10:08:49.229761 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZFn-kbclbae1yinrQt9OwAAAAAY"]
[Tue May 09 10:08:49.229994 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZFn-kbclbae1yinrQt9OwAAAAAY"]
[Tue May 09 10:08:49.230189 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZFn-kbclbae1yinrQt9OwAAAAAY"]
[Tue May 09 10:08:49.457649 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwQAAAAY"]
[Tue May 09 10:08:49.458009 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwQAAAAY"]
[Tue May 09 10:08:49.458241 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwQAAAAY"]
[Tue May 09 10:08:49.470603 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/ws_ftp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwgAAAAY"]
[Tue May 09 10:08:49.470964 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ws_ftp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwgAAAAY"]
[Tue May 09 10:08:49.471256 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ws_ftp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OwgAAAAY"]
[Tue May 09 10:08:49.483125 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".INI"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.INI"] [unique_id "ZFn-kbclbae1yinrQt9OwwAAAAY"]
[Tue May 09 10:08:49.483490 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.INI"] [unique_id "ZFn-kbclbae1yinrQt9OwwAAAAY"]
[Tue May 09 10:08:49.483700 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/WS_FTP.INI"] [unique_id "ZFn-kbclbae1yinrQt9OwwAAAAY"]
[Tue May 09 10:08:49.535446 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/winscp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OxwAAAAY"]
[Tue May 09 10:08:49.535813 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/winscp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OxwAAAAY"]
[Tue May 09 10:08:49.536024 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/winscp.ini"] [unique_id "ZFn-kbclbae1yinrQt9OxwAAAAY"]
[Tue May 09 10:08:49.548343 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/WinSCP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OyAAAAAY"]
[Tue May 09 10:08:49.548702 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/WinSCP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OyAAAAAY"]
[Tue May 09 10:08:49.548936 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/WinSCP.ini"] [unique_id "ZFn-kbclbae1yinrQt9OyAAAAAY"]
[Tue May 09 10:08:49.560806 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZFn-kbclbae1yinrQt9OyQAAAAY"]
[Tue May 09 10:08:49.561061 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZFn-kbclbae1yinrQt9OyQAAAAY"]
[Tue May 09 10:08:49.561289 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZFn-kbclbae1yinrQt9OyQAAAAY"]
[Tue May 09 10:08:49.614853 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZFn-kbclbae1yinrQt9OzQAAAAY"]
[Tue May 09 10:08:49.615105 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZFn-kbclbae1yinrQt9OzQAAAAY"]
[Tue May 09 10:08:49.615334 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZFn-kbclbae1yinrQt9OzQAAAAY"]
[Tue May 09 10:08:49.627303 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZFn-kbclbae1yinrQt9OzgAAAAY"]
[Tue May 09 10:08:49.627638 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZFn-kbclbae1yinrQt9OzgAAAAY"]
[Tue May 09 10:08:49.627858 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZFn-kbclbae1yinrQt9OzgAAAAY"]
[Tue May 09 10:08:49.640230 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/privatekey.key"] [unique_id "ZFn-kbclbae1yinrQt9OzwAAAAY"]
[Tue May 09 10:08:49.640560 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/privatekey.key"] [unique_id "ZFn-kbclbae1yinrQt9OzwAAAAY"]
[Tue May 09 10:08:49.640788 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/privatekey.key"] [unique_id "ZFn-kbclbae1yinrQt9OzwAAAAY"]
[Tue May 09 10:08:49.652404 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/myserver.key"] [unique_id "ZFn-kbclbae1yinrQt9O0AAAAAY"]
[Tue May 09 10:08:49.652748 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myserver.key"] [unique_id "ZFn-kbclbae1yinrQt9O0AAAAAY"]
[Tue May 09 10:08:49.652964 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myserver.key"] [unique_id "ZFn-kbclbae1yinrQt9O0AAAAAY"]
[Tue May 09 10:08:49.706320 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZFn-kbclbae1yinrQt9O1AAAAAY"]
[Tue May 09 10:08:49.706547 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZFn-kbclbae1yinrQt9O1AAAAAY"]
[Tue May 09 10:08:49.706760 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZFn-kbclbae1yinrQt9O1AAAAAY"]
[Tue May 09 10:08:49.719061 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase ".ssh/id_dsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_dsa found within REQUEST_FILENAME: /.ssh/id_dsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_dsa"] [unique_id "ZFn-kbclbae1yinrQt9O1QAAAAY"]
[Tue May 09 10:08:49.719299 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_dsa"] [unique_id "ZFn-kbclbae1yinrQt9O1QAAAAY"]
[Tue May 09 10:08:49.719511 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_dsa"] [unique_id "ZFn-kbclbae1yinrQt9O1QAAAAY"]
[Tue May 09 10:08:49.785844 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "ZFn-kbclbae1yinrQt9O2gAAAAY"]
[Tue May 09 10:08:49.786110 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "ZFn-kbclbae1yinrQt9O2gAAAAY"]
[Tue May 09 10:08:49.786324 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "ZFn-kbclbae1yinrQt9O2gAAAAY"]
[Tue May 09 10:08:49.798951 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "ZFn-kbclbae1yinrQt9O2wAAAAY"]
[Tue May 09 10:08:49.799219 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "ZFn-kbclbae1yinrQt9O2wAAAAY"]
[Tue May 09 10:08:49.799426 2023] [:error] [pid 2571526] [client 213.21.147.71:52121] [client 213.21.147.71] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "ZFn-kbclbae1yinrQt9O2wAAAAY"]
[Wed May 10 11:56:40.784495 2023] [:error] [pid 2588463] [client 217.71.68.23:14332] [client 217.71.68.23] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Aggiungi un'intestazione.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/645b6a4934fbcd15c3070e8b"] [unique_id "ZFtqWPSXpiR1mj6DcKW3dAAAAAY"], referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b6a4934fbcd15c3070e8b
[Wed May 10 11:56:40.787046 2023] [:error] [pid 2588463] [client 217.71.68.23:14332] [client 217.71.68.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/645b6a4934fbcd15c3070e8b"] [unique_id "ZFtqWPSXpiR1mj6DcKW3dAAAAAY"], referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b6a4934fbcd15c3070e8b
[Wed May 10 11:56:40.787320 2023] [:error] [pid 2588463] [client 217.71.68.23:14332] [client 217.71.68.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/645b6a4934fbcd15c3070e8b"] [unique_id "ZFtqWPSXpiR1mj6DcKW3dAAAAAY"], referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b6a4934fbcd15c3070e8b
[Fri May 12 10:08:26.048059 2023] [proxy:error] [pid 2623527] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Fri May 12 10:08:26.052408 2023] [proxy_http:error] [pid 2623527] [client 213.21.147.71:53964] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/admin/partner/645b83a134fbcd15c307132c
[Fri May 12 10:08:26.134913 2023] [proxy:error] [pid 2684415] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Fri May 12 10:08:26.134936 2023] [proxy_http:error] [pid 2684415] [client 213.21.147.71:53967] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/admin/partner/645b83a134fbcd15c307132c
[Fri May 12 10:08:29.739057 2023] [proxy:error] [pid 2624300] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Fri May 12 10:08:29.739102 2023] [proxy_http:error] [pid 2624300] [client 213.21.147.71:53966] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Fri May 12 10:08:29.739186 2023] [proxy:error] [pid 2624304] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Fri May 12 10:08:29.739202 2023] [proxy_http:error] [pid 2624304] [client 213.21.147.71:53965] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Mon May 15 11:21:00.133400 2023] [proxy:error] [pid 42845] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Mon May 15 11:21:00.135242 2023] [proxy:error] [pid 42880] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Mon May 15 11:21:00.186585 2023] [proxy_http:error] [pid 42845] [client 95.248.167.228:52545] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Mon May 15 11:21:00.186623 2023] [proxy_http:error] [pid 42880] [client 95.248.167.228:52544] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Mon May 15 11:21:06.382021 2023] [proxy:error] [pid 47392] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Mon May 15 11:21:06.382043 2023] [proxy_http:error] [pid 47392] [client 95.248.167.228:52555] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Mon May 15 11:21:06.388767 2023] [proxy:error] [pid 47389] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Mon May 15 11:21:06.388784 2023] [proxy_http:error] [pid 47389] [client 95.248.167.228:52557] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Tue May 16 12:07:42.952800 2023] [proxy_http:error] [pid 76244] (70007)The timeout specified has expired: [client 5.92.59.232:52118] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:07:42.955302 2023] [proxy:error] [pid 76244] [client 5.92.59.232:52118] AH00898: Error reading from remote server returned by /rest/media/645b870ff2dcfd21226f859b, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:08:03.471424 2023] [proxy_http:error] [pid 61659] (70007)The timeout specified has expired: [client 5.92.59.232:52120] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:08:03.471471 2023] [proxy:error] [pid 61659] [client 5.92.59.232:52120] AH00898: Error reading from remote server returned by /rest/media/645b870ff2dcfd21226f859b, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:08:31.112378 2023] [proxy_http:error] [pid 76256] (70007)The timeout specified has expired: [client 5.92.59.232:52138] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:08:31.112429 2023] [proxy:error] [pid 76256] [client 5.92.59.232:52138] AH00898: Error reading from remote server returned by /rest/media/645b870ff2dcfd21226f859b, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b870ff2dcfd21226f859b
[Tue May 16 12:09:12.795818 2023] [proxy_http:error] [pid 76257] (70007)The timeout specified has expired: [client 5.92.59.232:52160] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:09:12.795871 2023] [proxy:error] [pid 76257] [client 5.92.59.232:52160] AH00898: Error reading from remote server returned by /rest/media/645b8676f2dcfd21226f851e, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.034249 2023] [proxy_http:error] [pid 76295] (20014)Internal error (specific information not available): [client 213.21.147.71:59725] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=644be5a7d680c6923c393386
[Tue May 16 12:10:11.034306 2023] [proxy:error] [pid 76295] [client 213.21.147.71:59725] AH00898: Error reading from remote server returned by /rest/media/644be5a7d680c6923c393386, referer: https://pms.test.indacotrentino.com/editReference;referenceId=644be5a7d680c6923c393386
[Tue May 16 12:10:11.034811 2023] [proxy_http:error] [pid 76280] (20014)Internal error (specific information not available): [client 5.92.59.232:52200] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.034846 2023] [proxy:error] [pid 76280] [client 5.92.59.232:52200] AH00898: Error reading from remote server returned by /rest/media/645b8676f2dcfd21226f851e, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.211815 2023] [proxy_http:error] [pid 60068] (20014)Internal error (specific information not available): [client 5.92.59.232:52191] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.211852 2023] [proxy:error] [pid 60068] [client 5.92.59.232:52191] AH00898: Error reading from remote server returned by /rest/media/645b8676f2dcfd21226f851e, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.213457 2023] [proxy_http:error] [pid 76260] (20014)Internal error (specific information not available): [client 5.92.59.232:52181] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:10:11.213475 2023] [proxy:error] [pid 76260] [client 5.92.59.232:52181] AH00898: Error reading from remote server returned by /rest/media/645b8676f2dcfd21226f851e, referer: https://pms.test.indacotrentino.com/editReference;referenceId=645b8676f2dcfd21226f851e
[Tue May 16 12:12:39.549074 2023] [proxy_http:error] [pid 76260] (20014)Internal error (specific information not available): [client 213.21.147.71:60620] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/editReference;referenceId=644be5a7d680c6923c393386
[Tue May 16 12:12:39.549111 2023] [proxy:error] [pid 76260] [client 213.21.147.71:60620] AH00898: Error reading from remote server returned by /rest/media/644be5a7d680c6923c393386, referer: https://pms.test.indacotrentino.com/editReference;referenceId=644be5a7d680c6923c393386
[Fri May 19 09:49:07.970691 2023] [proxy_http:error] [pid 117755] (104)Connection reset by peer: [client 217.71.68.23:24701] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/admin/warehouse-details;id=632dd666c67848346c8115c0;partnerId=632dd5c81d877a2ed9c6d153
[Thu Jun 29 17:42:34.167968 2023] [proxy:error] [pid 326269] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Jun 29 17:42:34.177303 2023] [proxy_http:error] [pid 326269] [client 82.52.46.7:63062] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/orders
[Fri Jul 07 14:44:20.797534 2023] [proxy:error] [pid 507535] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Fri Jul 07 14:44:20.803715 2023] [proxy_http:error] [pid 507535] [client 217.71.68.23:20209] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/orders
[Fri Jul 07 21:38:24.785053 2023] [:error] [pid 516263] [client 91.213.50.8:32876] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhpsH2nK4GdPBWvTAI4DQAAAAg"]
[Fri Jul 07 21:38:24.785390 2023] [:error] [pid 516263] [client 91.213.50.8:32876] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhpsH2nK4GdPBWvTAI4DQAAAAg"]
[Fri Jul 07 21:38:24.787089 2023] [:error] [pid 516263] [client 91.213.50.8:32876] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhpsH2nK4GdPBWvTAI4DQAAAAg"]
[Fri Jul 07 21:38:28.016983 2023] [authz_core:error] [pid 516298] [client 142.93.153.3:53558] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Fri Jul 07 21:38:29.393788 2023] [:error] [pid 516260] [client 142.93.153.3:53764] [client 142.93.153.3] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZKhptQah-CQgYU6zEAXU6AAAAAw"]
[Fri Jul 07 21:38:29.394009 2023] [:error] [pid 516260] [client 142.93.153.3:53764] [client 142.93.153.3] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZKhptQah-CQgYU6zEAXU6AAAAAw"]
[Fri Jul 07 21:38:29.394164 2023] [:error] [pid 516260] [client 142.93.153.3:53764] [client 142.93.153.3] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZKhptQah-CQgYU6zEAXU6AAAAAw"]
[Fri Jul 07 21:38:29.828010 2023] [:error] [pid 516297] [client 142.93.153.3:53840] [client 142.93.153.3] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZKhptUFqXNkF48M1IYnzMgAAAAE"]
[Fri Jul 07 21:38:29.831126 2023] [:error] [pid 516297] [client 142.93.153.3:53840] [client 142.93.153.3] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZKhptUFqXNkF48M1IYnzMgAAAAE"]
[Fri Jul 07 21:38:29.831295 2023] [:error] [pid 516297] [client 142.93.153.3:53840] [client 142.93.153.3] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZKhptUFqXNkF48M1IYnzMgAAAAE"]
[Fri Jul 07 21:38:30.277976 2023] [:error] [pid 516264] [client 142.93.153.3:53908] [client 142.93.153.3] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhptkeXIouTpdqUUtwf7AAAAAo"]
[Fri Jul 07 21:38:30.278194 2023] [:error] [pid 516264] [client 142.93.153.3:53908] [client 142.93.153.3] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhptkeXIouTpdqUUtwf7AAAAAo"]
[Fri Jul 07 21:38:30.278338 2023] [:error] [pid 516264] [client 142.93.153.3:53908] [client 142.93.153.3] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZKhptkeXIouTpdqUUtwf7AAAAAo"]
[Fri Jul 07 21:50:12.700912 2023] [:error] [pid 516260] [client 171.67.70.229:45230] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsdAah-CQgYU6zEAXU6QAAAAw"]
[Fri Jul 07 21:50:12.701383 2023] [:error] [pid 516260] [client 171.67.70.229:45230] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsdAah-CQgYU6zEAXU6QAAAAw"]
[Fri Jul 07 21:50:12.701557 2023] [:error] [pid 516260] [client 171.67.70.229:45230] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsdAah-CQgYU6zEAXU6QAAAAw"]
[Fri Jul 07 21:50:31.984786 2023] [:error] [pid 516298] [client 171.67.70.229:42828] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsh0GtRnb_2psI9GhA_wAAAAM"]
[Fri Jul 07 21:50:31.985212 2023] [:error] [pid 516298] [client 171.67.70.229:42828] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsh0GtRnb_2psI9GhA_wAAAAM"]
[Fri Jul 07 21:50:31.985385 2023] [:error] [pid 516298] [client 171.67.70.229:42828] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKhsh0GtRnb_2psI9GhA_wAAAAM"]
[Sat Jul 08 01:50:13.393397 2023] [:error] [pid 518656] [client 171.67.70.233:48384] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKiktYRz_vdEHmXipitNPwAAAAo"]
[Sat Jul 08 01:50:13.393835 2023] [:error] [pid 518656] [client 171.67.70.233:48384] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKiktYRz_vdEHmXipitNPwAAAAo"]
[Sat Jul 08 01:50:13.394050 2023] [:error] [pid 518656] [client 171.67.70.233:48384] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKiktYRz_vdEHmXipitNPwAAAAo"]
[Sat Jul 08 01:50:31.695060 2023] [:error] [pid 518657] [client 171.67.70.233:45626] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKikx4utL4D_h1VUa52pfgAAAAA"]
[Sat Jul 08 01:50:31.695434 2023] [:error] [pid 518657] [client 171.67.70.233:45626] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKikx4utL4D_h1VUa52pfgAAAAA"]
[Sat Jul 08 01:50:31.695630 2023] [:error] [pid 518657] [client 171.67.70.233:45626] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZKikx4utL4D_h1VUa52pfgAAAAA"]
[Thu Jul 13 11:01:29.750559 2023] [autoindex:error] [pid 615795] [client 93.70.96.81:12728] AH01276: Cannot serve directory /var/www/pms.test.indaco.store/www/product-images/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
[Sat Jul 15 05:14:30.455080 2023] [:error] [pid 645221] [client 190.211.252.154:49454] [client 190.211.252.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLIPFgPAHmZxpaZOgaUL7QAAAAQ"]
[Sat Jul 15 05:14:30.456421 2023] [:error] [pid 645221] [client 190.211.252.154:49454] [client 190.211.252.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLIPFgPAHmZxpaZOgaUL7QAAAAQ"]
[Sat Jul 15 05:14:30.457246 2023] [:error] [pid 645221] [client 190.211.252.154:49454] [client 190.211.252.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLIPFgPAHmZxpaZOgaUL7QAAAAQ"]
[Mon Jul 17 02:19:49.892835 2023] [:error] [pid 673637] [client 3.143.209.15:51956] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZLSJJYZYX_VnrzSUhoVlPAAAAAI"]
[Mon Jul 17 02:19:49.893142 2023] [:error] [pid 673637] [client 3.143.209.15:51956] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZLSJJYZYX_VnrzSUhoVlPAAAAAI"]
[Mon Jul 17 02:19:49.893294 2023] [:error] [pid 673637] [client 3.143.209.15:51956] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZLSJJYZYX_VnrzSUhoVlPAAAAAI"]
[Mon Jul 17 02:19:49.894212 2023] [:error] [pid 673638] [client 3.143.209.15:51964] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZLSJJaf8b0BmNA89Kdw_YAAAAAM"]
[Mon Jul 17 02:19:49.894555 2023] [:error] [pid 673638] [client 3.143.209.15:51964] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZLSJJaf8b0BmNA89Kdw_YAAAAAM"]
[Mon Jul 17 02:19:49.894759 2023] [:error] [pid 673638] [client 3.143.209.15:51964] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZLSJJaf8b0BmNA89Kdw_YAAAAAM"]
[Mon Jul 17 02:19:49.896215 2023] [:error] [pid 673639] [client 3.143.209.15:51958] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZLSJJXTUyDq7zN9MWDuScwAAAAQ"]
[Mon Jul 17 02:19:49.896415 2023] [:error] [pid 673639] [client 3.143.209.15:51958] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZLSJJXTUyDq7zN9MWDuScwAAAAQ"]
[Mon Jul 17 02:19:49.896543 2023] [:error] [pid 673639] [client 3.143.209.15:51958] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZLSJJXTUyDq7zN9MWDuScwAAAAQ"]
[Mon Jul 17 02:19:49.898055 2023] [:error] [pid 673635] [client 3.143.209.15:51948] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZLSJJeqR2JONb5tmzF-nZwAAAAA"]
[Mon Jul 17 02:19:49.898260 2023] [:error] [pid 673635] [client 3.143.209.15:51948] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZLSJJeqR2JONb5tmzF-nZwAAAAA"]
[Mon Jul 17 02:19:49.898416 2023] [:error] [pid 673635] [client 3.143.209.15:51948] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZLSJJeqR2JONb5tmzF-nZwAAAAA"]
[Mon Jul 17 02:19:49.899746 2023] [:error] [pid 673636] [client 3.143.209.15:51984] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZLSJJT4zPyLpySdBdU6pXwAAAAE"]
[Mon Jul 17 02:19:49.899955 2023] [:error] [pid 673636] [client 3.143.209.15:51984] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZLSJJT4zPyLpySdBdU6pXwAAAAE"]
[Mon Jul 17 02:19:49.900107 2023] [:error] [pid 673636] [client 3.143.209.15:51984] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZLSJJT4zPyLpySdBdU6pXwAAAAE"]
[Mon Jul 17 02:19:49.901308 2023] [:error] [pid 673785] [client 3.143.209.15:51970] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZLSJJTQiEmrnsFR88eZLYgAAAAU"]
[Mon Jul 17 02:19:49.901472 2023] [:error] [pid 673785] [client 3.143.209.15:51970] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZLSJJTQiEmrnsFR88eZLYgAAAAU"]
[Mon Jul 17 02:19:49.901596 2023] [:error] [pid 673785] [client 3.143.209.15:51970] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZLSJJTQiEmrnsFR88eZLYgAAAAU"]
[Mon Jul 17 02:19:50.124125 2023] [:error] [pid 674854] [client 3.143.209.15:52012] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jgAAAAY"]
[Mon Jul 17 02:19:50.124432 2023] [:error] [pid 674854] [client 3.143.209.15:52012] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jgAAAAY"]
[Mon Jul 17 02:19:50.124596 2023] [:error] [pid 674854] [client 3.143.209.15:52012] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jgAAAAY"]
[Mon Jul 17 02:19:50.134022 2023] [:error] [pid 673638] [client 3.143.209.15:51998] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YQAAAAM"]
[Mon Jul 17 02:19:50.134292 2023] [:error] [pid 673638] [client 3.143.209.15:51998] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YQAAAAM"]
[Mon Jul 17 02:19:50.134461 2023] [:error] [pid 673638] [client 3.143.209.15:51998] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YQAAAAM"]
[Mon Jul 17 02:19:50.135310 2023] [:error] [pid 673639] [client 3.143.209.15:52032] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdAAAAAQ"]
[Mon Jul 17 02:19:50.135519 2023] [:error] [pid 673639] [client 3.143.209.15:52032] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdAAAAAQ"]
[Mon Jul 17 02:19:50.135643 2023] [:error] [pid 673639] [client 3.143.209.15:52032] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdAAAAAQ"]
[Mon Jul 17 02:19:50.135697 2023] [:error] [pid 673636] [client 3.143.209.15:52048] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYAAAAAE"]
[Mon Jul 17 02:19:50.135906 2023] [:error] [pid 673636] [client 3.143.209.15:52048] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYAAAAAE"]
[Mon Jul 17 02:19:50.136039 2023] [:error] [pid 673636] [client 3.143.209.15:52048] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYAAAAAE"]
[Mon Jul 17 02:19:50.136968 2023] [:error] [pid 673637] [client 3.143.209.15:51966] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPQAAAAI"]
[Mon Jul 17 02:19:50.137148 2023] [:error] [pid 673637] [client 3.143.209.15:51966] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPQAAAAI"]
[Mon Jul 17 02:19:50.137268 2023] [:error] [pid 673637] [client 3.143.209.15:51966] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPQAAAAI"]
[Mon Jul 17 02:19:50.141035 2023] [:error] [pid 673635] [client 3.143.209.15:52054] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naAAAAAA"]
[Mon Jul 17 02:19:50.141237 2023] [:error] [pid 673635] [client 3.143.209.15:52054] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naAAAAAA"]
[Mon Jul 17 02:19:50.141368 2023] [:error] [pid 673635] [client 3.143.209.15:52054] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naAAAAAA"]
[Mon Jul 17 02:19:50.142469 2023] [:error] [pid 673785] [client 3.143.209.15:52024] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLYwAAAAU"]
[Mon Jul 17 02:19:50.142637 2023] [:error] [pid 673785] [client 3.143.209.15:52024] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLYwAAAAU"]
[Mon Jul 17 02:19:50.142776 2023] [:error] [pid 673785] [client 3.143.209.15:52024] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLYwAAAAU"]
[Mon Jul 17 02:19:50.361668 2023] [:error] [pid 674854] [client 3.143.209.15:52052] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jwAAAAY"]
[Mon Jul 17 02:19:50.361916 2023] [:error] [pid 674854] [client 3.143.209.15:52052] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jwAAAAY"]
[Mon Jul 17 02:19:50.362060 2023] [:error] [pid 674854] [client 3.143.209.15:52052] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-jwAAAAY"]
[Mon Jul 17 02:19:50.369190 2023] [:error] [pid 673638] [client 3.143.209.15:52074] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YgAAAAM"]
[Mon Jul 17 02:19:50.369419 2023] [:error] [pid 673638] [client 3.143.209.15:52074] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YgAAAAM"]
[Mon Jul 17 02:19:50.369551 2023] [:error] [pid 673638] [client 3.143.209.15:52074] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YgAAAAM"]
[Mon Jul 17 02:19:50.372448 2023] [:error] [pid 673636] [client 3.143.209.15:52096] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYQAAAAE"]
[Mon Jul 17 02:19:50.372620 2023] [:error] [pid 673636] [client 3.143.209.15:52096] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYQAAAAE"]
[Mon Jul 17 02:19:50.372779 2023] [:error] [pid 673636] [client 3.143.209.15:52096] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYQAAAAE"]
[Mon Jul 17 02:19:50.373542 2023] [:error] [pid 673639] [client 3.143.209.15:52082] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdQAAAAQ"]
[Mon Jul 17 02:19:50.373710 2023] [:error] [pid 673639] [client 3.143.209.15:52082] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdQAAAAQ"]
[Mon Jul 17 02:19:50.373829 2023] [:error] [pid 673639] [client 3.143.209.15:52082] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdQAAAAQ"]
[Mon Jul 17 02:19:50.380117 2023] [:error] [pid 673635] [client 3.143.209.15:52062] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naQAAAAA"]
[Mon Jul 17 02:19:50.380282 2023] [:error] [pid 673635] [client 3.143.209.15:52062] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naQAAAAA"]
[Mon Jul 17 02:19:50.380405 2023] [:error] [pid 673635] [client 3.143.209.15:52062] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-naQAAAAA"]
[Mon Jul 17 02:19:50.380641 2023] [:error] [pid 673637] [client 3.143.209.15:52122] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPgAAAAI"]
[Mon Jul 17 02:19:50.380818 2023] [:error] [pid 673637] [client 3.143.209.15:52122] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPgAAAAI"]
[Mon Jul 17 02:19:50.380940 2023] [:error] [pid 673637] [client 3.143.209.15:52122] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPgAAAAI"]
[Mon Jul 17 02:19:50.382003 2023] [:error] [pid 673785] [client 3.143.209.15:52146] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZAAAAAU"]
[Mon Jul 17 02:19:50.382173 2023] [:error] [pid 673785] [client 3.143.209.15:52146] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZAAAAAU"]
[Mon Jul 17 02:19:50.382294 2023] [:error] [pid 673785] [client 3.143.209.15:52146] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZAAAAAU"]
[Mon Jul 17 02:19:50.600216 2023] [:error] [pid 674854] [client 3.143.209.15:52162] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kAAAAAY"]
[Mon Jul 17 02:19:50.600449 2023] [:error] [pid 674854] [client 3.143.209.15:52162] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kAAAAAY"]
[Mon Jul 17 02:19:50.600596 2023] [:error] [pid 674854] [client 3.143.209.15:52162] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kAAAAAY"]
[Mon Jul 17 02:19:50.607717 2023] [:error] [pid 673638] [client 3.143.209.15:52112] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YwAAAAM"]
[Mon Jul 17 02:19:50.607927 2023] [:error] [pid 673638] [client 3.143.209.15:52112] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YwAAAAM"]
[Mon Jul 17 02:19:50.608048 2023] [:error] [pid 673638] [client 3.143.209.15:52112] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_YwAAAAM"]
[Mon Jul 17 02:19:50.609549 2023] [:error] [pid 673636] [client 3.143.209.15:52130] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYgAAAAE"]
[Mon Jul 17 02:19:50.609767 2023] [:error] [pid 673636] [client 3.143.209.15:52130] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYgAAAAE"]
[Mon Jul 17 02:19:50.609914 2023] [:error] [pid 673636] [client 3.143.209.15:52130] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYgAAAAE"]
[Mon Jul 17 02:19:50.611585 2023] [:error] [pid 673639] [client 3.143.209.15:52164] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdgAAAAQ"]
[Mon Jul 17 02:19:50.611748 2023] [:error] [pid 673639] [client 3.143.209.15:52164] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdgAAAAQ"]
[Mon Jul 17 02:19:50.611865 2023] [:error] [pid 673639] [client 3.143.209.15:52164] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdgAAAAQ"]
[Mon Jul 17 02:19:50.616064 2023] [:error] [pid 673785] [client 3.143.209.15:52172] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZQAAAAU"]
[Mon Jul 17 02:19:50.616244 2023] [:error] [pid 673785] [client 3.143.209.15:52172] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZQAAAAU"]
[Mon Jul 17 02:19:50.616362 2023] [:error] [pid 673785] [client 3.143.209.15:52172] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZQAAAAU"]
[Mon Jul 17 02:19:50.618555 2023] [:error] [pid 673635] [client 3.143.209.15:52188] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nagAAAAA"]
[Mon Jul 17 02:19:50.618726 2023] [:error] [pid 673635] [client 3.143.209.15:52188] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nagAAAAA"]
[Mon Jul 17 02:19:50.618862 2023] [:error] [pid 673635] [client 3.143.209.15:52188] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nagAAAAA"]
[Mon Jul 17 02:19:50.623169 2023] [:error] [pid 673637] [client 3.143.209.15:52184] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPwAAAAI"]
[Mon Jul 17 02:19:50.623314 2023] [:error] [pid 673637] [client 3.143.209.15:52184] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPwAAAAI"]
[Mon Jul 17 02:19:50.623435 2023] [:error] [pid 673637] [client 3.143.209.15:52184] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlPwAAAAI"]
[Mon Jul 17 02:19:50.835879 2023] [:error] [pid 674854] [client 3.143.209.15:52202] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kQAAAAY"]
[Mon Jul 17 02:19:50.836110 2023] [:error] [pid 674854] [client 3.143.209.15:52202] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kQAAAAY"]
[Mon Jul 17 02:19:50.836246 2023] [:error] [pid 674854] [client 3.143.209.15:52202] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZLSJJi-vjPWa8Z17cvt-kQAAAAY"]
[Mon Jul 17 02:19:50.846881 2023] [:error] [pid 673639] [client 3.143.209.15:52222] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdwAAAAQ"]
[Mon Jul 17 02:19:50.847101 2023] [:error] [pid 673639] [client 3.143.209.15:52222] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdwAAAAQ"]
[Mon Jul 17 02:19:50.847254 2023] [:error] [pid 673639] [client 3.143.209.15:52222] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZLSJJnTUyDq7zN9MWDuSdwAAAAQ"]
[Mon Jul 17 02:19:50.849637 2023] [:error] [pid 673636] [client 3.143.209.15:52192] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYwAAAAE"]
[Mon Jul 17 02:19:50.849881 2023] [:error] [pid 673636] [client 3.143.209.15:52192] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYwAAAAE"]
[Mon Jul 17 02:19:50.850005 2023] [:error] [pid 673636] [client 3.143.209.15:52192] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZLSJJj4zPyLpySdBdU6pYwAAAAE"]
[Mon Jul 17 02:19:50.851093 2023] [:error] [pid 673638] [client 3.143.209.15:52218] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_ZAAAAAM"]
[Mon Jul 17 02:19:50.851261 2023] [:error] [pid 673638] [client 3.143.209.15:52218] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_ZAAAAAM"]
[Mon Jul 17 02:19:50.851278 2023] [:error] [pid 673785] [client 3.143.209.15:52270] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZgAAAAU"]
[Mon Jul 17 02:19:50.851392 2023] [:error] [pid 673638] [client 3.143.209.15:52218] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZLSJJqf8b0BmNA89Kdw_ZAAAAAM"]
[Mon Jul 17 02:19:50.851471 2023] [:error] [pid 673785] [client 3.143.209.15:52270] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZgAAAAU"]
[Mon Jul 17 02:19:50.851613 2023] [:error] [pid 673785] [client 3.143.209.15:52270] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZLSJJjQiEmrnsFR88eZLZgAAAAU"]
[Mon Jul 17 02:19:50.853939 2023] [:error] [pid 673635] [client 3.143.209.15:52296] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nawAAAAA"]
[Mon Jul 17 02:19:50.854101 2023] [:error] [pid 673635] [client 3.143.209.15:52296] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nawAAAAA"]
[Mon Jul 17 02:19:50.854221 2023] [:error] [pid 673635] [client 3.143.209.15:52296] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZLSJJuqR2JONb5tmzF-nawAAAAA"]
[Mon Jul 17 02:19:50.865215 2023] [:error] [pid 673637] [client 3.143.209.15:52348] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlQAAAAAI"]
[Mon Jul 17 02:19:50.865386 2023] [:error] [pid 673637] [client 3.143.209.15:52348] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlQAAAAAI"]
[Mon Jul 17 02:19:50.865506 2023] [:error] [pid 673637] [client 3.143.209.15:52348] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZLSJJoZYX_VnrzSUhoVlQAAAAAI"]
[Mon Jul 17 02:19:51.072698 2023] [:error] [pid 674854] [client 3.143.209.15:52280] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kgAAAAY"]
[Mon Jul 17 02:19:51.072936 2023] [:error] [pid 674854] [client 3.143.209.15:52280] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kgAAAAY"]
[Mon Jul 17 02:19:51.073080 2023] [:error] [pid 674854] [client 3.143.209.15:52280] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kgAAAAY"]
[Mon Jul 17 02:19:51.079596 2023] [:error] [pid 673639] [client 3.143.209.15:52244] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeAAAAAQ"]
[Mon Jul 17 02:19:51.079810 2023] [:error] [pid 673639] [client 3.143.209.15:52244] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeAAAAAQ"]
[Mon Jul 17 02:19:51.079933 2023] [:error] [pid 673639] [client 3.143.209.15:52244] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeAAAAAQ"]
[Mon Jul 17 02:19:51.086631 2023] [:error] [pid 673785] [client 3.143.209.15:52238] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLZwAAAAU"]
[Mon Jul 17 02:19:51.086831 2023] [:error] [pid 673785] [client 3.143.209.15:52238] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLZwAAAAU"]
[Mon Jul 17 02:19:51.086958 2023] [:error] [pid 673785] [client 3.143.209.15:52238] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLZwAAAAU"]
[Mon Jul 17 02:19:51.087860 2023] [:error] [pid 673638] [client 3.143.209.15:52320] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZQAAAAM"]
[Mon Jul 17 02:19:51.088022 2023] [:error] [pid 673638] [client 3.143.209.15:52320] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZQAAAAM"]
[Mon Jul 17 02:19:51.088170 2023] [:error] [pid 673638] [client 3.143.209.15:52320] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZQAAAAM"]
[Mon Jul 17 02:19:51.089056 2023] [:error] [pid 673636] [client 3.143.209.15:52312] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZAAAAAE"]
[Mon Jul 17 02:19:51.089227 2023] [:error] [pid 673636] [client 3.143.209.15:52312] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZAAAAAE"]
[Mon Jul 17 02:19:51.089347 2023] [:error] [pid 673636] [client 3.143.209.15:52312] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZAAAAAE"]
[Mon Jul 17 02:19:51.092134 2023] [:error] [pid 673635] [client 3.143.209.15:52362] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbAAAAAA"]
[Mon Jul 17 02:19:51.092380 2023] [:error] [pid 673635] [client 3.143.209.15:52362] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbAAAAAA"]
[Mon Jul 17 02:19:51.092568 2023] [:error] [pid 673635] [client 3.143.209.15:52362] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbAAAAAA"]
[Mon Jul 17 02:19:51.106521 2023] [:error] [pid 673637] [client 3.143.209.15:52336] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQQAAAAI"]
[Mon Jul 17 02:19:51.106699 2023] [:error] [pid 673637] [client 3.143.209.15:52336] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQQAAAAI"]
[Mon Jul 17 02:19:51.106825 2023] [:error] [pid 673637] [client 3.143.209.15:52336] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQQAAAAI"]
[Mon Jul 17 02:19:51.135242 2023] [:error] [pid 674855] [client 3.143.209.15:52258] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtQAAAAc"]
[Mon Jul 17 02:19:51.135465 2023] [:error] [pid 674855] [client 3.143.209.15:52258] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtQAAAAc"]
[Mon Jul 17 02:19:51.135634 2023] [:error] [pid 674855] [client 3.143.209.15:52258] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtQAAAAc"]
[Mon Jul 17 02:19:51.305994 2023] [:error] [pid 674854] [client 3.143.209.15:52366] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kwAAAAY"]
[Mon Jul 17 02:19:51.306226 2023] [:error] [pid 674854] [client 3.143.209.15:52366] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kwAAAAY"]
[Mon Jul 17 02:19:51.306364 2023] [:error] [pid 674854] [client 3.143.209.15:52366] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-kwAAAAY"]
[Mon Jul 17 02:19:51.312294 2023] [:error] [pid 673639] [client 3.143.209.15:52372] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeQAAAAQ"]
[Mon Jul 17 02:19:51.312498 2023] [:error] [pid 673639] [client 3.143.209.15:52372] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeQAAAAQ"]
[Mon Jul 17 02:19:51.312629 2023] [:error] [pid 673639] [client 3.143.209.15:52372] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSeQAAAAQ"]
[Mon Jul 17 02:19:51.323350 2023] [:error] [pid 673785] [client 3.143.209.15:52380] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaAAAAAU"]
[Mon Jul 17 02:19:51.323551 2023] [:error] [pid 673785] [client 3.143.209.15:52380] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaAAAAAU"]
[Mon Jul 17 02:19:51.323705 2023] [:error] [pid 673785] [client 3.143.209.15:52380] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaAAAAAU"]
[Mon Jul 17 02:19:51.326007 2023] [:error] [pid 673636] [client 3.143.209.15:52400] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZQAAAAE"]
[Mon Jul 17 02:19:51.326209 2023] [:error] [pid 673636] [client 3.143.209.15:52400] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZQAAAAE"]
[Mon Jul 17 02:19:51.326354 2023] [:error] [pid 673636] [client 3.143.209.15:52400] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZQAAAAE"]
[Mon Jul 17 02:19:51.327794 2023] [:error] [pid 673638] [client 3.143.209.15:52388] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZgAAAAM"]
[Mon Jul 17 02:19:51.328051 2023] [:error] [pid 673638] [client 3.143.209.15:52388] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZgAAAAM"]
[Mon Jul 17 02:19:51.328189 2023] [:error] [pid 673638] [client 3.143.209.15:52388] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZgAAAAM"]
[Mon Jul 17 02:19:51.332438 2023] [:error] [pid 673635] [client 3.143.209.15:52408] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbQAAAAA"]
[Mon Jul 17 02:19:51.332589 2023] [:error] [pid 673635] [client 3.143.209.15:52408] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbQAAAAA"]
[Mon Jul 17 02:19:51.332732 2023] [:error] [pid 673635] [client 3.143.209.15:52408] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbQAAAAA"]
[Mon Jul 17 02:19:51.344401 2023] [:error] [pid 673637] [client 3.143.209.15:52450] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQgAAAAI"]
[Mon Jul 17 02:19:51.344561 2023] [:error] [pid 673637] [client 3.143.209.15:52450] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQgAAAAI"]
[Mon Jul 17 02:19:51.344680 2023] [:error] [pid 673637] [client 3.143.209.15:52450] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQgAAAAI"]
[Mon Jul 17 02:19:51.380713 2023] [:error] [pid 674855] [client 3.143.209.15:52414] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtgAAAAc"]
[Mon Jul 17 02:19:51.380892 2023] [:error] [pid 674855] [client 3.143.209.15:52414] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtgAAAAc"]
[Mon Jul 17 02:19:51.381039 2023] [:error] [pid 674855] [client 3.143.209.15:52414] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtgAAAAc"]
[Mon Jul 17 02:19:51.542663 2023] [:error] [pid 674854] [client 3.143.209.15:52418] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lAAAAAY"]
[Mon Jul 17 02:19:51.542906 2023] [:error] [pid 674854] [client 3.143.209.15:52418] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lAAAAAY"]
[Mon Jul 17 02:19:51.543052 2023] [:error] [pid 674854] [client 3.143.209.15:52418] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lAAAAAY"]
[Mon Jul 17 02:19:51.549027 2023] [:error] [pid 673639] [client 3.143.209.15:52434] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSegAAAAQ"]
[Mon Jul 17 02:19:51.549235 2023] [:error] [pid 673639] [client 3.143.209.15:52434] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSegAAAAQ"]
[Mon Jul 17 02:19:51.549374 2023] [:error] [pid 673639] [client 3.143.209.15:52434] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSegAAAAQ"]
[Mon Jul 17 02:19:51.553349 2023] [:error] [pid 673785] [client 3.143.209.15:52466] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaQAAAAU"]
[Mon Jul 17 02:19:51.553532 2023] [:error] [pid 673785] [client 3.143.209.15:52466] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaQAAAAU"]
[Mon Jul 17 02:19:51.553655 2023] [:error] [pid 673785] [client 3.143.209.15:52466] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLaQAAAAU"]
[Mon Jul 17 02:19:51.561252 2023] [:error] [pid 673636] [client 3.143.209.15:52464] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZgAAAAE"]
[Mon Jul 17 02:19:51.561428 2023] [:error] [pid 673636] [client 3.143.209.15:52464] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZgAAAAE"]
[Mon Jul 17 02:19:51.561561 2023] [:error] [pid 673636] [client 3.143.209.15:52464] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZgAAAAE"]
[Mon Jul 17 02:19:51.563213 2023] [:error] [pid 673638] [client 3.143.209.15:52482] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZwAAAAM"]
[Mon Jul 17 02:19:51.564507 2023] [:error] [pid 673638] [client 3.143.209.15:52482] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZwAAAAM"]
[Mon Jul 17 02:19:51.564641 2023] [:error] [pid 673638] [client 3.143.209.15:52482] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_ZwAAAAM"]
[Mon Jul 17 02:19:51.570143 2023] [:error] [pid 673635] [client 3.143.209.15:52502] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbgAAAAA"]
[Mon Jul 17 02:19:51.570311 2023] [:error] [pid 673635] [client 3.143.209.15:52502] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbgAAAAA"]
[Mon Jul 17 02:19:51.570434 2023] [:error] [pid 673635] [client 3.143.209.15:52502] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbgAAAAA"]
[Mon Jul 17 02:19:51.580187 2023] [:error] [pid 673637] [client 3.143.209.15:52514] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQwAAAAI"]
[Mon Jul 17 02:19:51.580370 2023] [:error] [pid 673637] [client 3.143.209.15:52514] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQwAAAAI"]
[Mon Jul 17 02:19:51.580492 2023] [:error] [pid 673637] [client 3.143.209.15:52514] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlQwAAAAI"]
[Mon Jul 17 02:19:51.624935 2023] [:error] [pid 674855] [client 3.143.209.15:52494] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtwAAAAc"]
[Mon Jul 17 02:19:51.625149 2023] [:error] [pid 674855] [client 3.143.209.15:52494] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtwAAAAc"]
[Mon Jul 17 02:19:51.625290 2023] [:error] [pid 674855] [client 3.143.209.15:52494] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrdtwAAAAc"]
[Mon Jul 17 02:19:51.782643 2023] [:error] [pid 674854] [client 3.143.209.15:52522] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lQAAAAY"]
[Mon Jul 17 02:19:51.782893 2023] [:error] [pid 674854] [client 3.143.209.15:52522] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lQAAAAY"]
[Mon Jul 17 02:19:51.783034 2023] [:error] [pid 674854] [client 3.143.209.15:52522] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZLSJJy-vjPWa8Z17cvt-lQAAAAY"]
[Mon Jul 17 02:19:51.786253 2023] [:error] [pid 673785] [client 3.143.209.15:52526] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLagAAAAU"]
[Mon Jul 17 02:19:51.786476 2023] [:error] [pid 673785] [client 3.143.209.15:52526] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLagAAAAU"]
[Mon Jul 17 02:19:51.786616 2023] [:error] [pid 673785] [client 3.143.209.15:52526] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZLSJJzQiEmrnsFR88eZLagAAAAU"]
[Mon Jul 17 02:19:51.792290 2023] [:error] [pid 673639] [client 3.143.209.15:52532] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSewAAAAQ"]
[Mon Jul 17 02:19:51.792494 2023] [:error] [pid 673639] [client 3.143.209.15:52532] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSewAAAAQ"]
[Mon Jul 17 02:19:51.792637 2023] [:error] [pid 673639] [client 3.143.209.15:52532] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZLSJJ3TUyDq7zN9MWDuSewAAAAQ"]
[Mon Jul 17 02:19:51.793900 2023] [:error] [pid 673638] [client 3.143.209.15:52548] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_aAAAAAM"]
[Mon Jul 17 02:19:51.794069 2023] [:error] [pid 673638] [client 3.143.209.15:52548] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_aAAAAAM"]
[Mon Jul 17 02:19:51.794189 2023] [:error] [pid 673638] [client 3.143.209.15:52548] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "ZLSJJ6f8b0BmNA89Kdw_aAAAAAM"]
[Mon Jul 17 02:19:51.796410 2023] [:error] [pid 673636] [client 3.143.209.15:52570] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZwAAAAE"]
[Mon Jul 17 02:19:51.796616 2023] [:error] [pid 673636] [client 3.143.209.15:52570] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZwAAAAE"]
[Mon Jul 17 02:19:51.796740 2023] [:error] [pid 673636] [client 3.143.209.15:52570] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZLSJJz4zPyLpySdBdU6pZwAAAAE"]
[Mon Jul 17 02:19:51.808659 2023] [:error] [pid 673635] [client 3.143.209.15:52558] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbwAAAAA"]
[Mon Jul 17 02:19:51.808826 2023] [:error] [pid 673635] [client 3.143.209.15:52558] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbwAAAAA"]
[Mon Jul 17 02:19:51.808948 2023] [:error] [pid 673635] [client 3.143.209.15:52558] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZLSJJ-qR2JONb5tmzF-nbwAAAAA"]
[Mon Jul 17 02:19:51.820010 2023] [:error] [pid 673637] [client 3.143.209.15:52556] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlRAAAAAI"]
[Mon Jul 17 02:19:51.820171 2023] [:error] [pid 673637] [client 3.143.209.15:52556] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlRAAAAAI"]
[Mon Jul 17 02:19:51.820287 2023] [:error] [pid 673637] [client 3.143.209.15:52556] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZLSJJ4ZYX_VnrzSUhoVlRAAAAAI"]
[Mon Jul 17 02:19:51.869283 2023] [:error] [pid 674855] [client 3.143.209.15:52572] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrduAAAAAc"]
[Mon Jul 17 02:19:51.869462 2023] [:error] [pid 674855] [client 3.143.209.15:52572] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrduAAAAAc"]
[Mon Jul 17 02:19:51.869591 2023] [:error] [pid 674855] [client 3.143.209.15:52572] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZLSJJ74FjXGmLhvm8jrduAAAAAc"]
[Mon Jul 17 02:19:52.020257 2023] [:error] [pid 674854] [client 3.143.209.15:52578] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZLSJKC-vjPWa8Z17cvt-lgAAAAY"]
[Mon Jul 17 02:19:52.023736 2023] [:error] [pid 674854] [client 3.143.209.15:52578] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZLSJKC-vjPWa8Z17cvt-lgAAAAY"]
[Mon Jul 17 02:19:52.023893 2023] [:error] [pid 674854] [client 3.143.209.15:52578] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZLSJKC-vjPWa8Z17cvt-lgAAAAY"]
[Mon Jul 17 02:19:52.027919 2023] [:error] [pid 673785] [client 3.143.209.15:52592] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLSJKDQiEmrnsFR88eZLawAAAAU"]
[Mon Jul 17 02:19:52.028115 2023] [:error] [pid 673785] [client 3.143.209.15:52592] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLSJKDQiEmrnsFR88eZLawAAAAU"]
[Mon Jul 17 02:19:52.028265 2023] [:error] [pid 673785] [client 3.143.209.15:52592] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZLSJKDQiEmrnsFR88eZLawAAAAU"]
[Mon Jul 17 02:19:52.029476 2023] [:error] [pid 673636] [client 3.143.209.15:52614] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZLSJKD4zPyLpySdBdU6paAAAAAE"]
[Mon Jul 17 02:19:52.029650 2023] [:error] [pid 673636] [client 3.143.209.15:52614] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZLSJKD4zPyLpySdBdU6paAAAAAE"]
[Mon Jul 17 02:19:52.029770 2023] [:error] [pid 673636] [client 3.143.209.15:52614] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZLSJKD4zPyLpySdBdU6paAAAAAE"]
[Mon Jul 17 02:19:52.030790 2023] [:error] [pid 673639] [client 3.143.209.15:52628] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZLSJKHTUyDq7zN9MWDuSfAAAAAQ"]
[Mon Jul 17 02:19:52.030940 2023] [:error] [pid 673639] [client 3.143.209.15:52628] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZLSJKHTUyDq7zN9MWDuSfAAAAAQ"]
[Mon Jul 17 02:19:52.031058 2023] [:error] [pid 673639] [client 3.143.209.15:52628] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZLSJKHTUyDq7zN9MWDuSfAAAAAQ"]
[Mon Jul 17 02:19:52.031996 2023] [:error] [pid 673638] [client 3.143.209.15:52608] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZLSJKKf8b0BmNA89Kdw_aQAAAAM"]
[Mon Jul 17 02:19:52.032159 2023] [:error] [pid 673638] [client 3.143.209.15:52608] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZLSJKKf8b0BmNA89Kdw_aQAAAAM"]
[Mon Jul 17 02:19:52.032272 2023] [:error] [pid 673638] [client 3.143.209.15:52608] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZLSJKKf8b0BmNA89Kdw_aQAAAAM"]
[Mon Jul 17 02:19:52.046574 2023] [:error] [pid 673635] [client 3.143.209.15:52638] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZLSJKOqR2JONb5tmzF-ncAAAAAA"]
[Mon Jul 17 02:19:52.046803 2023] [:error] [pid 673635] [client 3.143.209.15:52638] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZLSJKOqR2JONb5tmzF-ncAAAAAA"]
[Mon Jul 17 02:19:52.046965 2023] [:error] [pid 673635] [client 3.143.209.15:52638] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZLSJKOqR2JONb5tmzF-ncAAAAAA"]
[Mon Jul 17 02:19:52.058877 2023] [:error] [pid 673637] [client 3.143.209.15:52654] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZLSJKIZYX_VnrzSUhoVlRQAAAAI"]
[Mon Jul 17 02:19:52.059059 2023] [:error] [pid 673637] [client 3.143.209.15:52654] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZLSJKIZYX_VnrzSUhoVlRQAAAAI"]
[Mon Jul 17 02:19:52.059185 2023] [:error] [pid 673637] [client 3.143.209.15:52654] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZLSJKIZYX_VnrzSUhoVlRQAAAAI"]
[Mon Jul 17 02:19:52.107536 2023] [:error] [pid 674855] [client 3.143.209.15:52640] [client 3.143.209.15] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZLSJKL4FjXGmLhvm8jrduQAAAAc"]
[Mon Jul 17 02:19:52.107752 2023] [:error] [pid 674855] [client 3.143.209.15:52640] [client 3.143.209.15] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZLSJKL4FjXGmLhvm8jrduQAAAAc"]
[Mon Jul 17 02:19:52.107884 2023] [:error] [pid 674855] [client 3.143.209.15:52640] [client 3.143.209.15] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZLSJKL4FjXGmLhvm8jrduQAAAAc"]
[Fri Jul 21 09:48:05.672229 2023] [proxy_http:error] [pid 743143] (104)Connection reset by peer: [client 213.21.147.71:49898] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:42:34.974765 2023] [:error] [pid 820326] [client 2.41.184.72:63912] [client 2.41.184.72] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Shampoo all'Aloe Vera Biologico.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ae6cbf85261bdd77137"] [unique_id "ZL-K9wB7Q0EkBoGylG3jegAAAAg"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:42:34.982387 2023] [:error] [pid 820326] [client 2.41.184.72:63912] [client 2.41.184.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ae6cbf85261bdd77137"] [unique_id "ZL-K9wB7Q0EkBoGylG3jegAAAAg"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:42:34.982570 2023] [:error] [pid 820326] [client 2.41.184.72:63912] [client 2.41.184.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ae6cbf85261bdd77137"] [unique_id "ZL-K9wB7Q0EkBoGylG3jegAAAAg"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:48:00.810008 2023] [:error] [pid 820490] [client 2.41.184.72:64004] [client 2.41.184.72] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Maschera all'Alga Spirulina.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8c2fcbf85261bdd7731f"] [unique_id "ZL-MPx9fPbB_j7wBll7qawAAAAw"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:48:00.812163 2023] [:error] [pid 820490] [client 2.41.184.72:64004] [client 2.41.184.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8c2fcbf85261bdd7731f"] [unique_id "ZL-MPx9fPbB_j7wBll7qawAAAAw"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:48:00.812381 2023] [:error] [pid 820490] [client 2.41.184.72:64004] [client 2.41.184.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8c2fcbf85261bdd7731f"] [unique_id "ZL-MPx9fPbB_j7wBll7qawAAAAw"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:03.067846 2023] [:error] [pid 820531] [client 2.41.184.72:64028] [client 2.41.184.72] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Balsamo Labbra all'Olio di Mandorle.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-M9oK81Vzu9nnXMTmohwAAAA0"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:03.069878 2023] [:error] [pid 820531] [client 2.41.184.72:64028] [client 2.41.184.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-M9oK81Vzu9nnXMTmohwAAAA0"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:03.070056 2023] [:error] [pid 820531] [client 2.41.184.72:64028] [client 2.41.184.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-M9oK81Vzu9nnXMTmohwAAAA0"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:30.021861 2023] [:error] [pid 820530] [client 2.41.184.72:64042] [client 2.41.184.72] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Balsamo Labbra all'Olio di Mandorle.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NEQvNbwSrajZnfj2eYQAAAAs"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:30.023860 2023] [:error] [pid 820530] [client 2.41.184.72:64042] [client 2.41.184.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NEQvNbwSrajZnfj2eYQAAAAs"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:30.024050 2023] [:error] [pid 820530] [client 2.41.184.72:64042] [client 2.41.184.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NEQvNbwSrajZnfj2eYQAAAAs"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:40.030969 2023] [:error] [pid 820331] [client 2.41.184.72:64044] [client 2.41.184.72] ModSecurity: Warning. Pattern match "(?<!&(?:[aAoOuUyY]uml)|&(?:[aAeEiIoOuU]circ)|&(?:[eEiIoOuUyY]acute)|&(?:[aAeEiIoOuU]grave)|&(?:[cC]cedil)|&(?:[aAnNoO]tilde)|&(?:amp)|&(?:apos));|['\\"=]" at FILES:image. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "114"] [id "920120"] [msg "Attempted multipart/form-data bypass"] [data "Balsamo Labbra all'Olio di Mandorle.png"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NG2OnTREWD_eSrDgjewAAAAM"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:40.033065 2023] [:error] [pid 820331] [client 2.41.184.72:64044] [client 2.41.184.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NG2OnTREWD_eSrDgjewAAAAM"], referer: https://pms.test.indacotrentino.com/
[Tue Jul 25 10:51:40.033256 2023] [:error] [pid 820331] [client 2.41.184.72:64044] [client 2.41.184.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/64bf8ce1b891f80de75a15a4"] [unique_id "ZL-NG2OnTREWD_eSrDgjewAAAAM"], referer: https://pms.test.indacotrentino.com/
[Thu Jul 27 15:54:42.908571 2023] [proxy_http:error] [pid 991516] (70007)The timeout specified has expired: [client 95.251.150.124:60658] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Thu Jul 27 15:54:42.914541 2023] [proxy:error] [pid 991516] [client 95.251.150.124:60658] AH00898: Error reading from remote server returned by /rest/partners/updateProducts/, referer: https://pms.test.indacotrentino.com/
[Fri Aug 25 21:09:01.721767 2023] [:error] [pid 1484612] [client 193.189.100.199:14301] [client 193.189.100.199] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8TVkTZhALfmFC5W_ShwAAAAk"]
[Fri Aug 25 21:09:01.733678 2023] [:error] [pid 1484612] [client 193.189.100.199:14301] [client 193.189.100.199] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8TVkTZhALfmFC5W_ShwAAAAk"]
[Fri Aug 25 21:09:01.733922 2023] [:error] [pid 1484612] [client 193.189.100.199:14301] [client 193.189.100.199] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8TVkTZhALfmFC5W_ShwAAAAk"]
[Fri Aug 25 21:09:02.548473 2023] [:error] [pid 1482262] [client 198.98.48.20:19510] [client 198.98.48.20] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8TpIciOFN9pUfJPCcigAAAAU"]
[Fri Aug 25 21:09:02.548728 2023] [:error] [pid 1482262] [client 198.98.48.20:19510] [client 198.98.48.20] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8TpIciOFN9pUfJPCcigAAAAU"]
[Fri Aug 25 21:09:02.548935 2023] [:error] [pid 1482262] [client 198.98.48.20:19510] [client 198.98.48.20] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8TpIciOFN9pUfJPCcigAAAAU"]
[Fri Aug 25 21:09:04.622061 2023] [:error] [pid 1486261] [client 109.70.100.67:40216] [client 109.70.100.67] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8UNF2pp5DZL3VMv5JEAAAAAo"]
[Fri Aug 25 21:09:04.622277 2023] [:error] [pid 1486261] [client 109.70.100.67:40216] [client 109.70.100.67] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8UNF2pp5DZL3VMv5JEAAAAAo"]
[Fri Aug 25 21:09:04.622514 2023] [:error] [pid 1486261] [client 109.70.100.67:40216] [client 109.70.100.67] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZOj8UNF2pp5DZL3VMv5JEAAAAAo"]
[Fri Aug 25 21:09:07.094691 2023] [:error] [pid 1486764] [client 192.42.116.182:13520] [client 192.42.116.182] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8Uw0JLuVgTUEpOeM-WAAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Fri Aug 25 21:09:07.094937 2023] [:error] [pid 1486764] [client 192.42.116.182:13520] [client 192.42.116.182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8Uw0JLuVgTUEpOeM-WAAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Fri Aug 25 21:09:07.095125 2023] [:error] [pid 1486764] [client 192.42.116.182:13520] [client 192.42.116.182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZOj8Uw0JLuVgTUEpOeM-WAAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Sep 05 23:20:05.273268 2023] [authz_core:error] [pid 1683920] [client 159.203.182.222:37614] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Tue Sep 05 23:20:06.267441 2023] [:error] [pid 1683889] [client 159.203.182.222:37726] [client 159.203.182.222] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZPebhoIRYN9cvd76Cns0cAAAAAw"]
[Tue Sep 05 23:20:06.267681 2023] [:error] [pid 1683889] [client 159.203.182.222:37726] [client 159.203.182.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZPebhoIRYN9cvd76Cns0cAAAAAw"]
[Tue Sep 05 23:20:06.267857 2023] [:error] [pid 1683889] [client 159.203.182.222:37726] [client 159.203.182.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZPebhoIRYN9cvd76Cns0cAAAAAw"]
[Tue Sep 05 23:20:06.591762 2023] [:error] [pid 1683914] [client 159.203.182.222:37766] [client 159.203.182.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZPebhslbd9KWWL-2hTQm6AAAAAA"]
[Tue Sep 05 23:20:06.591973 2023] [:error] [pid 1683914] [client 159.203.182.222:37766] [client 159.203.182.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZPebhslbd9KWWL-2hTQm6AAAAAA"]
[Tue Sep 05 23:20:06.592154 2023] [:error] [pid 1683914] [client 159.203.182.222:37766] [client 159.203.182.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZPebhslbd9KWWL-2hTQm6AAAAAA"]
[Tue Sep 05 23:20:07.141388 2023] [:error] [pid 1683923] [client 159.203.182.222:37842] [client 159.203.182.222] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebhxCn8c3ZPtq-p-6NPQAAAAY"]
[Tue Sep 05 23:20:07.141659 2023] [:error] [pid 1683923] [client 159.203.182.222:37842] [client 159.203.182.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebhxCn8c3ZPtq-p-6NPQAAAAY"]
[Tue Sep 05 23:20:07.141847 2023] [:error] [pid 1683923] [client 159.203.182.222:37842] [client 159.203.182.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebhxCn8c3ZPtq-p-6NPQAAAAY"]
[Tue Sep 05 23:20:10.257972 2023] [:error] [pid 1683886] [client 91.213.50.8:59258] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebimsYrPEgIt9dXKmbUQAAAAc"]
[Tue Sep 05 23:20:10.258353 2023] [:error] [pid 1683886] [client 91.213.50.8:59258] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebimsYrPEgIt9dXKmbUQAAAAc"]
[Tue Sep 05 23:20:10.258574 2023] [:error] [pid 1683886] [client 91.213.50.8:59258] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZPebimsYrPEgIt9dXKmbUQAAAAc"]
[Tue Sep 05 23:20:17.342426 2023] [:error] [pid 1683887] [client 171.67.70.229:51494] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPebkTcFtu3rZuv5iF_-oAAAAAg"]
[Tue Sep 05 23:20:17.346901 2023] [:error] [pid 1683887] [client 171.67.70.229:51494] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPebkTcFtu3rZuv5iF_-oAAAAAg"]
[Tue Sep 05 23:20:17.347123 2023] [:error] [pid 1683887] [client 171.67.70.229:51494] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPebkTcFtu3rZuv5iF_-oAAAAAg"]
[Tue Sep 05 23:20:20.257541 2023] [:error] [pid 1683886] [client 171.67.70.229:35786] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPeblGsYrPEgIt9dXKmbUgAAAAc"]
[Tue Sep 05 23:20:20.257932 2023] [:error] [pid 1683886] [client 171.67.70.229:35786] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPeblGsYrPEgIt9dXKmbUgAAAAc"]
[Tue Sep 05 23:20:20.258122 2023] [:error] [pid 1683886] [client 171.67.70.229:35786] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPeblGsYrPEgIt9dXKmbUgAAAAc"]
[Wed Sep 06 02:41:38.953886 2023] [:error] [pid 1684303] [client 171.67.70.229:50152] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfKwmW8QQh_r7WlGsfEjwAAAAs"]
[Wed Sep 06 02:41:38.954275 2023] [:error] [pid 1684303] [client 171.67.70.229:50152] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfKwmW8QQh_r7WlGsfEjwAAAAs"]
[Wed Sep 06 02:41:38.954443 2023] [:error] [pid 1684303] [client 171.67.70.229:50152] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfKwmW8QQh_r7WlGsfEjwAAAAs"]
[Wed Sep 06 02:42:32.837109 2023] [:error] [pid 1684290] [client 171.67.70.229:34488] [client 171.67.70.229] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfK-MGrv5pMN3IfHwuNSQAAAAg"]
[Wed Sep 06 02:42:32.837490 2023] [:error] [pid 1684290] [client 171.67.70.229:34488] [client 171.67.70.229] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfK-MGrv5pMN3IfHwuNSQAAAAg"]
[Wed Sep 06 02:42:32.837683 2023] [:error] [pid 1684290] [client 171.67.70.229:34488] [client 171.67.70.229] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfK-MGrv5pMN3IfHwuNSQAAAAg"]
[Wed Sep 06 03:20:17.075382 2023] [:error] [pid 1685945] [client 171.67.70.233:56236] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0bTPS6-ceyBGo_5kkQAAAAM"]
[Wed Sep 06 03:20:17.076140 2023] [:error] [pid 1685945] [client 171.67.70.233:56236] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0bTPS6-ceyBGo_5kkQAAAAM"]
[Wed Sep 06 03:20:17.076451 2023] [:error] [pid 1685945] [client 171.67.70.233:56236] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0bTPS6-ceyBGo_5kkQAAAAM"]
[Wed Sep 06 03:20:19.974459 2023] [:error] [pid 1685943] [client 171.67.70.233:43820] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0wox8oJoWbfj4dDS4gAAAAE"]
[Wed Sep 06 03:20:19.974864 2023] [:error] [pid 1685943] [client 171.67.70.233:43820] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0wox8oJoWbfj4dDS4gAAAAE"]
[Wed Sep 06 03:20:19.975065 2023] [:error] [pid 1685943] [client 171.67.70.233:43820] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPfT0wox8oJoWbfj4dDS4gAAAAE"]
[Wed Sep 06 06:41:38.697278 2023] [:error] [pid 1685944] [client 171.67.70.233:44546] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDAsKfuXCymIK6FmqQugAAAAI"]
[Wed Sep 06 06:41:38.699360 2023] [:error] [pid 1685944] [client 171.67.70.233:44546] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDAsKfuXCymIK6FmqQugAAAAI"]
[Wed Sep 06 06:41:38.699582 2023] [:error] [pid 1685944] [client 171.67.70.233:44546] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDAsKfuXCymIK6FmqQugAAAAI"]
[Wed Sep 06 06:42:33.476399 2023] [:error] [pid 1685942] [client 171.67.70.233:40288] [client 171.67.70.233] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDOScBgQoh2jBQa0qQwAAAAAA"]
[Wed Sep 06 06:42:33.476843 2023] [:error] [pid 1685942] [client 171.67.70.233:40288] [client 171.67.70.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDOScBgQoh2jBQa0qQwAAAAAA"]
[Wed Sep 06 06:42:33.477032 2023] [:error] [pid 1685942] [client 171.67.70.233:40288] [client 171.67.70.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZPgDOScBgQoh2jBQa0qQwAAAAAA"]
[Wed Sep 06 18:49:46.398319 2023] [:error] [pid 1706048] [client 36.71.218.207:54903] [client 36.71.218.207] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZPitqhDYqRzJtDI5ratE7AAAAA0"]
[Wed Sep 06 18:49:46.399787 2023] [:error] [pid 1706048] [client 36.71.218.207:54903] [client 36.71.218.207] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZPitqhDYqRzJtDI5ratE7AAAAA0"]
[Wed Sep 06 18:49:46.399976 2023] [:error] [pid 1706048] [client 36.71.218.207:54903] [client 36.71.218.207] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZPitqhDYqRzJtDI5ratE7AAAAA0"]
[Wed Sep 06 18:49:46.924698 2023] [:error] [pid 1706102] [client 36.71.218.207:58752] [client 36.71.218.207] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZPitqvPKZ5IgA_-lC1wpFgAAAAo"]
[Wed Sep 06 18:49:46.924922 2023] [:error] [pid 1706102] [client 36.71.218.207:58752] [client 36.71.218.207] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZPitqvPKZ5IgA_-lC1wpFgAAAAo"]
[Wed Sep 06 18:49:46.925090 2023] [:error] [pid 1706102] [client 36.71.218.207:58752] [client 36.71.218.207] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZPitqvPKZ5IgA_-lC1wpFgAAAAo"]
[Tue Sep 12 00:27:55.454120 2023] [:error] [pid 1793795] [client 207.180.201.25:54628] [client 207.180.201.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZP-UazvuxtZbdPg1jhA7tgAAAAM"]
[Tue Sep 12 00:27:55.458147 2023] [:error] [pid 1793795] [client 207.180.201.25:54628] [client 207.180.201.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZP-UazvuxtZbdPg1jhA7tgAAAAM"]
[Tue Sep 12 00:27:55.458344 2023] [:error] [pid 1793795] [client 207.180.201.25:54628] [client 207.180.201.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZP-UazvuxtZbdPg1jhA7tgAAAAM"]
[Tue Sep 12 18:44:45.157136 2023] [:error] [pid 1804267] [client 35.91.77.239:7812] [client 35.91.77.239] ModSecurity: Warning. detected XSS using libinjection. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "59"] [id "941100"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: XSS data found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi.php"] [unique_id "ZQCVfbhgM1mrgTN7zF21QgAAAAo"]
[Tue Sep 12 18:44:45.158931 2023] [:error] [pid 1804267] [client 35.91.77.239:7812] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i)<script[^>]*>[\\\\s\\\\S]*?" at ARGS:profile. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "90"] [id "941110"] [msg "XSS Filter - Category 1: Script Tag Vector"] [data "Matched Data: <script> found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi.php"] [unique_id "ZQCVfbhgM1mrgTN7zF21QgAAAAo"]
[Tue Sep 12 18:44:45.159053 2023] [:error] [pid 1804267] [client 35.91.77.239:7812] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i:(?:<\\\\w[\\\\s\\\\S]*[\\\\s\\\\/]|['\\"](?:[\\\\s\\\\S]*[\\\\s\\\\/])?)(?:on(?:d(?:e(?:vice(?:(?:orienta|mo)tion|proximity|found|light)|livery(?:success|error)|activate)|r(?:ag(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)|op)|i(?:s(?:c(?:hargingtimechange ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "218"] [id "941160"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: </script found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi.php"] [unique_id "ZQCVfbhgM1mrgTN7zF21QgAAAAo"]
[Tue Sep 12 18:44:45.159463 2023] [:error] [pid 1804267] [client 35.91.77.239:7812] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi.php"] [unique_id "ZQCVfbhgM1mrgTN7zF21QgAAAAo"]
[Tue Sep 12 18:44:45.159641 2023] [:error] [pid 1804267] [client 35.91.77.239:7812] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=15,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi.php"] [unique_id "ZQCVfbhgM1mrgTN7zF21QgAAAAo"]
[Tue Sep 12 18:44:45.457551 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.457626 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=CustomSQLUtility"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.457662 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /magmi/web/ajax_pluginconf.php?file=../../../../../../../../../../../etc/passwd&plugintype=utilities&pluginclass=customsqlutility"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.457737 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.457890 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "509"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: etc/passwd found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.458576 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:44:45.458731 2023] [:error] [pid 1804943] [client 35.91.77.239:7868] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/ajax_pluginconf.php"] [unique_id "ZQCVfUHCu4IUL-MQOEg-JgAAABI"]
[Tue Sep 12 18:48:33.772383 2023] [:error] [pid 1804935] [client 35.91.77.239:35132] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS:query. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "258"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: { date download_url found within ARGS:query: {customerDownloadableProducts { items { date download_url}} }"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-windows"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/graphql"] [unique_id "ZQCWYUw147bt2311TdSoywAAAAA"]
[Tue Sep 12 18:48:33.772971 2023] [:error] [pid 1804935] [client 35.91.77.239:35132] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/graphql"] [unique_id "ZQCWYUw147bt2311TdSoywAAAAA"]
[Tue Sep 12 18:48:33.773152 2023] [:error] [pid 1804935] [client 35.91.77.239:35132] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/graphql"] [unique_id "ZQCWYUw147bt2311TdSoywAAAAA"]
[Tue Sep 12 18:50:50.190357 2023] [:error] [pid 1804943] [client 35.91.77.239:19218] [client 35.91.77.239] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZQCW6kHCu4IUL-MQOEg-JwAAABI"]
[Tue Sep 12 18:50:50.190620 2023] [:error] [pid 1804943] [client 35.91.77.239:19218] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZQCW6kHCu4IUL-MQOEg-JwAAABI"]
[Tue Sep 12 18:50:50.190781 2023] [:error] [pid 1804943] [client 35.91.77.239:19218] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "ZQCW6kHCu4IUL-MQOEg-JwAAABI"]
[Tue Sep 12 18:50:50.696629 2023] [:error] [pid 1804970] [client 35.91.77.239:19224] [client 35.91.77.239] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml.additional"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "ZQCW6mbl9GEjRgyZ7xWEkQAAAAI"]
[Tue Sep 12 18:50:50.696906 2023] [:error] [pid 1804970] [client 35.91.77.239:19224] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "ZQCW6mbl9GEjRgyZ7xWEkQAAAAI"]
[Tue Sep 12 18:50:50.697171 2023] [:error] [pid 1804970] [client 35.91.77.239:19224] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.additional"] [unique_id "ZQCW6mbl9GEjRgyZ7xWEkQAAAAI"]
[Tue Sep 12 18:50:51.212482 2023] [:error] [pid 1804805] [client 35.91.77.239:19234] [client 35.91.77.239] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /store/app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "ZQCW60R02RG9funUjGi_-wAAAAU"]
[Tue Sep 12 18:50:51.212747 2023] [:error] [pid 1804805] [client 35.91.77.239:19234] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "ZQCW60R02RG9funUjGi_-wAAAAU"]
[Tue Sep 12 18:50:51.212912 2023] [:error] [pid 1804805] [client 35.91.77.239:19234] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/app/etc/local.xml"] [unique_id "ZQCW60R02RG9funUjGi_-wAAAAU"]
[Tue Sep 12 18:50:51.452920 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:s[\\\\\\\\'\\"]* ..." at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "160"] [id "932105"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ; php found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.453105 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:s[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*(?:t[\\"\\\\^]*e[\\"\\\\^]*m[\\"\\\\^]*(?:p[\\"\\\\^]*r[\\"\\\\^]*o[\\"\\\\^]*p[\\"\\\\^]*e ..." at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "298"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ; php found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-windows"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.453469 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?:^|=)\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]*(?:s(?:[\\\\\\\\'\\"]*(?:b[\\\\\\\\'\\"]*_[\\\\\\\\'\\"]*r[\\\\\\\\'\\"]*e[\\\\\\\\'\\"]*l[\\\\\\\\' ..." at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "471"] [id "932150"] [msg "Remote Command Execution: Direct Unix Command Execution"] [data "Matched Data: echo found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.453689 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "67"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.454112 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "350"] [id "933160"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo() found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.457686 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Sep 12 18:50:51.457845 2023] [:error] [pid 1804265] [client 35.91.77.239:19236] [client 35.91.77.239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=15,PHPI=10,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZQCW65s0zl96xZEaSQf41gAAAAc"]
[Tue Oct 03 22:45:55.432536 2023] [:error] [pid 2190444] [client 45.135.57.32:36429] [client 45.135.57.32] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZRx9gwZviCQdMrFEFkbrNwAAADw"], referer: http://pms.test.indacotrentino.com/.git/HEAD
[Tue Oct 03 22:45:55.438411 2023] [:error] [pid 2190444] [client 45.135.57.32:36429] [client 45.135.57.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZRx9gwZviCQdMrFEFkbrNwAAADw"], referer: http://pms.test.indacotrentino.com/.git/HEAD
[Tue Oct 03 22:45:55.438614 2023] [:error] [pid 2190444] [client 45.135.57.32:36429] [client 45.135.57.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZRx9gwZviCQdMrFEFkbrNwAAADw"], referer: http://pms.test.indacotrentino.com/.git/HEAD
[Sat Nov 04 22:19:08.510466 2023] [authz_core:error] [pid 2940355] [client 139.144.150.45:54720] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sat Nov 04 22:19:09.717833 2023] [:error] [pid 2940356] [client 139.144.150.45:54744] [client 139.144.150.45] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZUa1TSx42qkWuW3_EpEkCAAAAAk"]
[Sat Nov 04 22:19:09.718076 2023] [:error] [pid 2940356] [client 139.144.150.45:54744] [client 139.144.150.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZUa1TSx42qkWuW3_EpEkCAAAAAk"]
[Sat Nov 04 22:19:09.718223 2023] [:error] [pid 2940356] [client 139.144.150.45:54744] [client 139.144.150.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZUa1TSx42qkWuW3_EpEkCAAAAAk"]
[Sat Nov 04 22:19:09.927101 2023] [:error] [pid 2940356] [client 139.144.150.45:54760] [client 139.144.150.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUa1TSx42qkWuW3_EpEkCgAAAAk"]
[Sat Nov 04 22:19:09.927290 2023] [:error] [pid 2940356] [client 139.144.150.45:54760] [client 139.144.150.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUa1TSx42qkWuW3_EpEkCgAAAAk"]
[Sat Nov 04 22:19:09.927437 2023] [:error] [pid 2940356] [client 139.144.150.45:54760] [client 139.144.150.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUa1TSx42qkWuW3_EpEkCgAAAAk"]
[Sat Nov 04 22:19:10.154285 2023] [:error] [pid 2940352] [client 139.144.150.45:54770] [client 139.144.150.45] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUa1ThScrz1c2JWe1L-TtwAAAAY"]
[Sat Nov 04 22:19:10.154484 2023] [:error] [pid 2940352] [client 139.144.150.45:54770] [client 139.144.150.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUa1ThScrz1c2JWe1L-TtwAAAAY"]
[Sat Nov 04 22:19:10.154805 2023] [:error] [pid 2940352] [client 139.144.150.45:54770] [client 139.144.150.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUa1ThScrz1c2JWe1L-TtwAAAAY"]
[Sun Nov 05 01:28:23.819057 2023] [:error] [pid 2941672] [client 44.201.212.175:59678] [client 44.201.212.175] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUbhpx19Z3MSmtX77xQxtQAAAAU"]
[Sun Nov 05 01:28:23.819306 2023] [:error] [pid 2941672] [client 44.201.212.175:59678] [client 44.201.212.175] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUbhpx19Z3MSmtX77xQxtQAAAAU"]
[Sun Nov 05 01:28:23.819461 2023] [:error] [pid 2941672] [client 44.201.212.175:59678] [client 44.201.212.175] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUbhpx19Z3MSmtX77xQxtQAAAAU"]
[Sun Nov 05 02:33:50.522310 2023] [:error] [pid 2941672] [client 91.213.50.8:38002] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUbw_h19Z3MSmtX77xQxuAAAAAU"]
[Sun Nov 05 02:33:50.522566 2023] [:error] [pid 2941672] [client 91.213.50.8:38002] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUbw_h19Z3MSmtX77xQxuAAAAAU"]
[Sun Nov 05 02:33:50.522762 2023] [:error] [pid 2941672] [client 91.213.50.8:38002] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUbw_h19Z3MSmtX77xQxuAAAAAU"]
[Sun Nov 05 15:08:31.586078 2023] [:error] [pid 2949694] [client 91.213.50.8:59988] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh3yo0qVGOtryXpL2howAAAAc"]
[Sun Nov 05 15:08:31.586317 2023] [:error] [pid 2949694] [client 91.213.50.8:59988] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh3yo0qVGOtryXpL2howAAAAc"]
[Sun Nov 05 15:08:31.586527 2023] [:error] [pid 2949694] [client 91.213.50.8:59988] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh3yo0qVGOtryXpL2howAAAAc"]
[Sun Nov 05 15:08:53.856653 2023] [:error] [pid 2945347] [client 91.213.50.8:51808] [client 91.213.50.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh9TDT8nMuo9EfqVECfQAAAAE"]
[Sun Nov 05 15:08:53.856985 2023] [:error] [pid 2945347] [client 91.213.50.8:51808] [client 91.213.50.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh9TDT8nMuo9EfqVECfQAAAAE"]
[Sun Nov 05 15:08:53.857181 2023] [:error] [pid 2945347] [client 91.213.50.8:51808] [client 91.213.50.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUeh9TDT8nMuo9EfqVECfQAAAAE"]
[Sun Nov 05 15:58:25.384409 2023] [:error] [pid 2947462] [client 13.238.182.129:49468] [client 13.238.182.129] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZUetkfmCwGyt19di1WEBIgAAAAY"]
[Sun Nov 05 15:58:25.384637 2023] [:error] [pid 2947462] [client 13.238.182.129:49468] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZUetkfmCwGyt19di1WEBIgAAAAY"]
[Sun Nov 05 15:58:25.384789 2023] [:error] [pid 2947462] [client 13.238.182.129:49468] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "ZUetkfmCwGyt19di1WEBIgAAAAY"]
[Sun Nov 05 15:58:26.342466 2023] [:error] [pid 2945349] [client 13.238.182.129:49484] [client 13.238.182.129] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZUetkkrTDH-WNbmIHqbDDwAAAAM"]
[Sun Nov 05 15:58:26.342686 2023] [:error] [pid 2945349] [client 13.238.182.129:49484] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZUetkkrTDH-WNbmIHqbDDwAAAAM"]
[Sun Nov 05 15:58:26.342932 2023] [:error] [pid 2945349] [client 13.238.182.129:49484] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZUetkkrTDH-WNbmIHqbDDwAAAAM"]
[Sun Nov 05 15:58:36.283087 2023] [:error] [pid 2945350] [client 13.238.182.129:38048] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZUetnE7FHveku4ctlxRlUQAAAAQ"]
[Sun Nov 05 15:58:36.283319 2023] [:error] [pid 2945350] [client 13.238.182.129:38048] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZUetnE7FHveku4ctlxRlUQAAAAQ"]
[Sun Nov 05 15:58:36.283475 2023] [:error] [pid 2945350] [client 13.238.182.129:38048] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "ZUetnE7FHveku4ctlxRlUQAAAAQ"]
[Sun Nov 05 15:58:48.226750 2023] [:error] [pid 2949694] [client 13.238.182.129:39414] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUetqCo0qVGOtryXpL2hpgAAAAc"]
[Sun Nov 05 15:58:48.227081 2023] [:error] [pid 2949694] [client 13.238.182.129:39414] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUetqCo0qVGOtryXpL2hpgAAAAc"]
[Sun Nov 05 15:58:48.227322 2023] [:error] [pid 2949694] [client 13.238.182.129:39414] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUetqCo0qVGOtryXpL2hpgAAAAc"]
[Sun Nov 05 15:58:49.186702 2023] [:error] [pid 2945347] [client 13.238.182.129:39422] [client 13.238.182.129] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZUetqTDT8nMuo9EfqVECgAAAAAE"]
[Sun Nov 05 15:58:49.186863 2023] [:error] [pid 2945347] [client 13.238.182.129:39422] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZUetqTDT8nMuo9EfqVECgAAAAAE"]
[Sun Nov 05 15:58:49.187091 2023] [:error] [pid 2945347] [client 13.238.182.129:39422] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZUetqTDT8nMuo9EfqVECgAAAAAE"]
[Sun Nov 05 15:58:49.187253 2023] [:error] [pid 2945347] [client 13.238.182.129:39422] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZUetqTDT8nMuo9EfqVECgAAAAAE"]
[Sun Nov 05 15:58:50.141900 2023] [:error] [pid 2945348] [client 13.238.182.129:39434] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZUetqq54h8K8yKXmm046MAAAAAI"]
[Sun Nov 05 15:58:50.142135 2023] [:error] [pid 2945348] [client 13.238.182.129:39434] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZUetqq54h8K8yKXmm046MAAAAAI"]
[Sun Nov 05 15:58:50.142303 2023] [:error] [pid 2945348] [client 13.238.182.129:39434] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZUetqq54h8K8yKXmm046MAAAAAI"]
[Sun Nov 05 15:58:52.654335 2023] [:error] [pid 2953480] [client 13.238.182.129:39188] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZUetrOyxlz8CqQghNzVKzAAAAAo"]
[Sun Nov 05 15:58:52.654557 2023] [:error] [pid 2953480] [client 13.238.182.129:39188] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZUetrOyxlz8CqQghNzVKzAAAAAo"]
[Sun Nov 05 15:58:52.654705 2023] [:error] [pid 2953480] [client 13.238.182.129:39188] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZUetrOyxlz8CqQghNzVKzAAAAAo"]
[Sun Nov 05 15:58:55.443161 2023] [:error] [pid 2945350] [client 13.238.182.129:39192] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZUetr07FHveku4ctlxRlUgAAAAQ"]
[Sun Nov 05 15:58:55.443385 2023] [:error] [pid 2945350] [client 13.238.182.129:39192] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZUetr07FHveku4ctlxRlUgAAAAQ"]
[Sun Nov 05 15:58:55.443584 2023] [:error] [pid 2945350] [client 13.238.182.129:39192] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZUetr07FHveku4ctlxRlUgAAAAQ"]
[Sun Nov 05 15:58:56.402428 2023] [:error] [pid 2947462] [client 13.238.182.129:39204] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZUetsPmCwGyt19di1WEBJAAAAAY"]
[Sun Nov 05 15:58:56.402652 2023] [:error] [pid 2947462] [client 13.238.182.129:39204] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZUetsPmCwGyt19di1WEBJAAAAAY"]
[Sun Nov 05 15:58:56.402808 2023] [:error] [pid 2947462] [client 13.238.182.129:39204] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZUetsPmCwGyt19di1WEBJAAAAAY"]
[Sun Nov 05 15:58:59.497340 2023] [:error] [pid 2945349] [client 13.238.182.129:39218] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZUets0rTDH-WNbmIHqbDEQAAAAM"]
[Sun Nov 05 15:58:59.497558 2023] [:error] [pid 2945349] [client 13.238.182.129:39218] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZUets0rTDH-WNbmIHqbDEQAAAAM"]
[Sun Nov 05 15:58:59.497740 2023] [:error] [pid 2945349] [client 13.238.182.129:39218] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZUets0rTDH-WNbmIHqbDEQAAAAM"]
[Sun Nov 05 15:59:00.450626 2023] [:error] [pid 2953478] [client 13.238.182.129:39234] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZUettNtLKgISucRyj21FUgAAAAg"]
[Sun Nov 05 15:59:00.459263 2023] [:error] [pid 2953478] [client 13.238.182.129:39234] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZUettNtLKgISucRyj21FUgAAAAg"]
[Sun Nov 05 15:59:00.459431 2023] [:error] [pid 2953478] [client 13.238.182.129:39234] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZUettNtLKgISucRyj21FUgAAAAg"]
[Sun Nov 05 15:59:03.931659 2023] [:error] [pid 2945346] [client 13.238.182.129:43998] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZUett0Lxtgn9b120wAzh3gAAAAA"]
[Sun Nov 05 15:59:03.931885 2023] [:error] [pid 2945346] [client 13.238.182.129:43998] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZUett0Lxtgn9b120wAzh3gAAAAA"]
[Sun Nov 05 15:59:03.932042 2023] [:error] [pid 2945346] [client 13.238.182.129:43998] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZUett0Lxtgn9b120wAzh3gAAAAA"]
[Sun Nov 05 15:59:05.031019 2023] [:error] [pid 2953479] [client 13.238.182.129:44010] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZUetuciyITV8IjJ-hgGdYwAAAAk"]
[Sun Nov 05 15:59:05.031235 2023] [:error] [pid 2953479] [client 13.238.182.129:44010] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZUetuciyITV8IjJ-hgGdYwAAAAk"]
[Sun Nov 05 15:59:05.031387 2023] [:error] [pid 2953479] [client 13.238.182.129:44010] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZUetuciyITV8IjJ-hgGdYwAAAAk"]
[Sun Nov 05 15:59:06.032590 2023] [:error] [pid 2949694] [client 13.238.182.129:44012] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZUetuio0qVGOtryXpL2hpwAAAAc"]
[Sun Nov 05 15:59:06.032810 2023] [:error] [pid 2949694] [client 13.238.182.129:44012] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZUetuio0qVGOtryXpL2hpwAAAAc"]
[Sun Nov 05 15:59:06.032978 2023] [:error] [pid 2949694] [client 13.238.182.129:44012] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZUetuio0qVGOtryXpL2hpwAAAAc"]
[Sun Nov 05 15:59:07.354477 2023] [:error] [pid 2945347] [client 13.238.182.129:44028] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZUetuzDT8nMuo9EfqVECgQAAAAE"]
[Sun Nov 05 15:59:07.354704 2023] [:error] [pid 2945347] [client 13.238.182.129:44028] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZUetuzDT8nMuo9EfqVECgQAAAAE"]
[Sun Nov 05 15:59:07.354852 2023] [:error] [pid 2945347] [client 13.238.182.129:44028] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZUetuzDT8nMuo9EfqVECgQAAAAE"]
[Sun Nov 05 15:59:08.648866 2023] [:error] [pid 2945348] [client 13.238.182.129:44032] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZUetvK54h8K8yKXmm046MQAAAAI"]
[Sun Nov 05 15:59:08.649087 2023] [:error] [pid 2945348] [client 13.238.182.129:44032] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZUetvK54h8K8yKXmm046MQAAAAI"]
[Sun Nov 05 15:59:08.649282 2023] [:error] [pid 2945348] [client 13.238.182.129:44032] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZUetvK54h8K8yKXmm046MQAAAAI"]
[Sun Nov 05 15:59:09.902961 2023] [:error] [pid 2953480] [client 13.238.182.129:44042] [client 13.238.182.129] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZUetveyxlz8CqQghNzVKzQAAAAo"]
[Sun Nov 05 15:59:09.903119 2023] [:error] [pid 2953480] [client 13.238.182.129:44042] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZUetveyxlz8CqQghNzVKzQAAAAo"]
[Sun Nov 05 15:59:09.903324 2023] [:error] [pid 2953480] [client 13.238.182.129:44042] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZUetveyxlz8CqQghNzVKzQAAAAo"]
[Sun Nov 05 15:59:09.903486 2023] [:error] [pid 2953480] [client 13.238.182.129:44042] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZUetveyxlz8CqQghNzVKzQAAAAo"]
[Sun Nov 05 15:59:11.738660 2023] [:error] [pid 2945350] [client 13.238.182.129:36656] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZUetv07FHveku4ctlxRlUwAAAAQ"]
[Sun Nov 05 15:59:11.738884 2023] [:error] [pid 2945350] [client 13.238.182.129:36656] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZUetv07FHveku4ctlxRlUwAAAAQ"]
[Sun Nov 05 15:59:11.739075 2023] [:error] [pid 2945350] [client 13.238.182.129:36656] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZUetv07FHveku4ctlxRlUwAAAAQ"]
[Sun Nov 05 15:59:12.689910 2023] [:error] [pid 2947462] [client 13.238.182.129:36658] [client 13.238.182.129] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZUetwPmCwGyt19di1WEBJQAAAAY"]
[Sun Nov 05 15:59:12.690076 2023] [:error] [pid 2947462] [client 13.238.182.129:36658] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZUetwPmCwGyt19di1WEBJQAAAAY"]
[Sun Nov 05 15:59:12.692698 2023] [:error] [pid 2947462] [client 13.238.182.129:36658] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZUetwPmCwGyt19di1WEBJQAAAAY"]
[Sun Nov 05 15:59:12.692869 2023] [:error] [pid 2947462] [client 13.238.182.129:36658] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZUetwPmCwGyt19di1WEBJQAAAAY"]
[Sun Nov 05 15:59:15.641648 2023] [:error] [pid 2945349] [client 13.238.182.129:36662] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZUetw0rTDH-WNbmIHqbDEgAAAAM"]
[Sun Nov 05 15:59:15.641877 2023] [:error] [pid 2945349] [client 13.238.182.129:36662] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZUetw0rTDH-WNbmIHqbDEgAAAAM"]
[Sun Nov 05 15:59:15.642031 2023] [:error] [pid 2945349] [client 13.238.182.129:36662] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZUetw0rTDH-WNbmIHqbDEgAAAAM"]
[Sun Nov 05 15:59:18.133266 2023] [:error] [pid 2953478] [client 13.238.182.129:36674] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZUetxttLKgISucRyj21FUwAAAAg"]
[Sun Nov 05 15:59:18.133492 2023] [:error] [pid 2953478] [client 13.238.182.129:36674] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZUetxttLKgISucRyj21FUwAAAAg"]
[Sun Nov 05 15:59:18.133677 2023] [:error] [pid 2953478] [client 13.238.182.129:36674] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZUetxttLKgISucRyj21FUwAAAAg"]
[Sun Nov 05 15:59:19.985547 2023] [:error] [pid 2945346] [client 13.238.182.129:36686] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZUetx0Lxtgn9b120wAzh3wAAAAA"]
[Sun Nov 05 15:59:19.987348 2023] [:error] [pid 2945346] [client 13.238.182.129:36686] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZUetx0Lxtgn9b120wAzh3wAAAAA"]
[Sun Nov 05 15:59:19.987597 2023] [:error] [pid 2945346] [client 13.238.182.129:36686] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZUetx0Lxtgn9b120wAzh3wAAAAA"]
[Sun Nov 05 15:59:20.937573 2023] [:error] [pid 2953479] [client 13.238.182.129:47596] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.indacotrentino"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.indacotrentino"] [unique_id "ZUetyMiyITV8IjJ-hgGdZAAAAAk"]
[Sun Nov 05 15:59:20.937790 2023] [:error] [pid 2953479] [client 13.238.182.129:47596] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.indacotrentino"] [unique_id "ZUetyMiyITV8IjJ-hgGdZAAAAAk"]
[Sun Nov 05 15:59:20.937944 2023] [:error] [pid 2953479] [client 13.238.182.129:47596] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.indacotrentino"] [unique_id "ZUetyMiyITV8IjJ-hgGdZAAAAAk"]
[Sun Nov 05 15:59:21.892409 2023] [:error] [pid 2949694] [client 13.238.182.129:47600] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.pms.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.pms.test"] [unique_id "ZUetySo0qVGOtryXpL2hqAAAAAc"]
[Sun Nov 05 15:59:21.892635 2023] [:error] [pid 2949694] [client 13.238.182.129:47600] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.pms.test"] [unique_id "ZUetySo0qVGOtryXpL2hqAAAAAc"]
[Sun Nov 05 15:59:21.892778 2023] [:error] [pid 2949694] [client 13.238.182.129:47600] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.pms.test"] [unique_id "ZUetySo0qVGOtryXpL2hqAAAAAc"]
[Sun Nov 05 15:59:23.588434 2023] [:error] [pid 2945347] [client 13.238.182.129:47606] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUetyzDT8nMuo9EfqVECggAAAAE"]
[Sun Nov 05 15:59:23.588686 2023] [:error] [pid 2945347] [client 13.238.182.129:47606] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUetyzDT8nMuo9EfqVECggAAAAE"]
[Sun Nov 05 15:59:23.588841 2023] [:error] [pid 2945347] [client 13.238.182.129:47606] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUetyzDT8nMuo9EfqVECggAAAAE"]
[Sun Nov 05 15:59:24.565269 2023] [:error] [pid 2945348] [client 13.238.182.129:47614] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUetzK54h8K8yKXmm046MgAAAAI"]
[Sun Nov 05 15:59:24.565492 2023] [:error] [pid 2945348] [client 13.238.182.129:47614] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUetzK54h8K8yKXmm046MgAAAAI"]
[Sun Nov 05 15:59:24.565672 2023] [:error] [pid 2945348] [client 13.238.182.129:47614] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZUetzK54h8K8yKXmm046MgAAAAI"]
[Sun Nov 05 15:59:32.484520 2023] [:error] [pid 2953478] [client 13.238.182.129:57066] [client 13.238.182.129] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/redis.conf"] [unique_id "ZUet1NtLKgISucRyj21FVAAAAAg"]
[Sun Nov 05 15:59:32.484855 2023] [:error] [pid 2953478] [client 13.238.182.129:57066] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/redis.conf"] [unique_id "ZUet1NtLKgISucRyj21FVAAAAAg"]
[Sun Nov 05 15:59:32.485035 2023] [:error] [pid 2953478] [client 13.238.182.129:57066] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/redis.conf"] [unique_id "ZUet1NtLKgISucRyj21FVAAAAAg"]
[Sun Nov 05 15:59:37.488507 2023] [:error] [pid 2953479] [client 13.238.182.129:57072] [client 13.238.182.129] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/s3cmd.ini"] [unique_id "ZUet2ciyITV8IjJ-hgGdZQAAAAk"]
[Sun Nov 05 15:59:37.488848 2023] [:error] [pid 2953479] [client 13.238.182.129:57072] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3cmd.ini"] [unique_id "ZUet2ciyITV8IjJ-hgGdZQAAAAk"]
[Sun Nov 05 15:59:37.488995 2023] [:error] [pid 2953479] [client 13.238.182.129:57072] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3cmd.ini"] [unique_id "ZUet2ciyITV8IjJ-hgGdZQAAAAk"]
[Sun Nov 05 15:59:40.698373 2023] [:error] [pid 2945348] [client 13.238.182.129:57098] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:auto_prepend_file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:auto_prepend_file: \\x22/etc/passwd\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZUet3K54h8K8yKXmm046MwAAAAI"]
[Sun Nov 05 15:59:40.698501 2023] [:error] [pid 2945348] [client 13.238.182.129:57098] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "dev/fd/" at ARGS:PHPRC. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "509"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: dev/fd/ found within ARGS:PHPRC: /dev/fd/0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZUet3K54h8K8yKXmm046MwAAAAI"]
[Sun Nov 05 15:59:40.698547 2023] [:error] [pid 2945348] [client 13.238.182.129:57098] [client 13.238.182.129] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:auto_prepend_file. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "509"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] [data "Matched Data: etc/passwd found within ARGS:auto_prepend_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZUet3K54h8K8yKXmm046MwAAAAI"]
[Sun Nov 05 15:59:40.699068 2023] [:error] [pid 2945348] [client 13.238.182.129:57098] [client 13.238.182.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZUet3K54h8K8yKXmm046MwAAAAI"]
[Sun Nov 05 15:59:40.699233 2023] [:error] [pid 2945348] [client 13.238.182.129:57098] [client 13.238.182.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=10,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "ZUet3K54h8K8yKXmm046MwAAAAI"]
[Sun Nov 05 23:54:24.869386 2023] [:error] [pid 2953480] [client 34.202.160.67:55320] [client 34.202.160.67] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUgdIOyxlz8CqQghNzVK3AAAAAo"]
[Sun Nov 05 23:54:24.869621 2023] [:error] [pid 2953480] [client 34.202.160.67:55320] [client 34.202.160.67] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUgdIOyxlz8CqQghNzVK3AAAAAo"]
[Sun Nov 05 23:54:24.869791 2023] [:error] [pid 2953480] [client 34.202.160.67:55320] [client 34.202.160.67] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUgdIOyxlz8CqQghNzVK3AAAAAo"]
[Mon Nov 06 00:29:43.114755 2023] [:error] [pid 2963620] [client 34.202.160.67:59862] [client 34.202.160.67] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUglZ4ut8xjTaIUJ718sUAAAAAQ"]
[Mon Nov 06 00:29:43.115008 2023] [:error] [pid 2963620] [client 34.202.160.67:59862] [client 34.202.160.67] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUglZ4ut8xjTaIUJ718sUAAAAAQ"]
[Mon Nov 06 00:29:43.115166 2023] [:error] [pid 2963620] [client 34.202.160.67:59862] [client 34.202.160.67] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZUglZ4ut8xjTaIUJ718sUAAAAAQ"]
[Mon Nov 06 01:21:30.324273 2023] [:error] [pid 2963620] [client 34.202.160.67:45260] [client 34.202.160.67] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUgxiout8xjTaIUJ718sVAAAAAQ"]
[Mon Nov 06 01:21:30.324557 2023] [:error] [pid 2963620] [client 34.202.160.67:45260] [client 34.202.160.67] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUgxiout8xjTaIUJ718sVAAAAAQ"]
[Mon Nov 06 01:21:30.324737 2023] [:error] [pid 2963620] [client 34.202.160.67:45260] [client 34.202.160.67] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZUgxiout8xjTaIUJ718sVAAAAAQ"]
[Sat Nov 11 16:01:28.379776 2023] [:error] [pid 3078223] [client 104.234.204.63:40650] [client 104.234.204.63] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZU-XSK1CWz7zrnb_xLsyCAAAAAE"]
[Sat Nov 11 16:01:28.387278 2023] [:error] [pid 3078223] [client 104.234.204.63:40650] [client 104.234.204.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZU-XSK1CWz7zrnb_xLsyCAAAAAE"]
[Sat Nov 11 16:01:28.387495 2023] [:error] [pid 3078223] [client 104.234.204.63:40650] [client 104.234.204.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZU-XSK1CWz7zrnb_xLsyCAAAAAE"]
[Sun Nov 12 18:09:20.013080 2023] [:error] [pid 3099713] [client 104.234.204.63:32842] [client 104.234.204.63] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZVEGwJWUvWTnWcsrZEG2VgAAAAE"]
[Sun Nov 12 18:09:20.013346 2023] [:error] [pid 3099713] [client 104.234.204.63:32842] [client 104.234.204.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZVEGwJWUvWTnWcsrZEG2VgAAAAE"]
[Sun Nov 12 18:09:20.013502 2023] [:error] [pid 3099713] [client 104.234.204.63:32842] [client 104.234.204.63] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZVEGwJWUvWTnWcsrZEG2VgAAAAE"]
[Thu Nov 16 12:57:43.041395 2023] [proxy:error] [pid 3186839] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Nov 16 12:57:43.041430 2023] [proxy_http:error] [pid 3186839] [client 87.0.254.138:51587] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Thu Nov 16 12:57:43.041519 2023] [proxy:error] [pid 3195854] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Nov 16 12:57:43.041546 2023] [proxy_http:error] [pid 3195854] [client 87.0.254.138:51589] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Thu Nov 16 12:57:49.861081 2023] [proxy:error] [pid 3186842] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Nov 16 12:57:49.861114 2023] [proxy_http:error] [pid 3186842] [client 87.0.254.138:51592] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Thu Nov 16 12:58:02.775771 2023] [proxy:error] [pid 3186839] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Nov 16 12:58:02.775799 2023] [proxy_http:error] [pid 3186839] [client 87.0.254.138:51618] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Thu Nov 16 12:58:02.791707 2023] [proxy:error] [pid 3195854] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Thu Nov 16 12:58:02.791735 2023] [proxy_http:error] [pid 3195854] [client 87.0.254.138:51617] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Mon Dec 11 07:55:21.324198 2023] [:error] [pid 3770809] [client 110.138.86.253:54448] [client 110.138.86.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZXayWSwuo5QhwyOpNBQpaQAAAAQ"]
[Mon Dec 11 07:55:21.331543 2023] [:error] [pid 3770809] [client 110.138.86.253:54448] [client 110.138.86.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZXayWSwuo5QhwyOpNBQpaQAAAAQ"]
[Mon Dec 11 07:55:21.331725 2023] [:error] [pid 3770809] [client 110.138.86.253:54448] [client 110.138.86.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZXayWSwuo5QhwyOpNBQpaQAAAAQ"]
[Mon Dec 11 07:55:21.841199 2023] [:error] [pid 3770805] [client 110.138.86.253:53218] [client 110.138.86.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZXayWZJp3WTofdsothQj1AAAAAA"]
[Mon Dec 11 07:55:21.841390 2023] [:error] [pid 3770805] [client 110.138.86.253:53218] [client 110.138.86.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZXayWZJp3WTofdsothQj1AAAAAA"]
[Mon Dec 11 07:55:21.841545 2023] [:error] [pid 3770805] [client 110.138.86.253:53218] [client 110.138.86.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZXayWZJp3WTofdsothQj1AAAAAA"]
[Mon Dec 18 16:27:37.699921 2023] [proxy_http:error] [pid 3950931] (104)Connection reset by peer: [client 87.16.21.43:61979] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Dec 18 16:27:37.714106 2023] [proxy:error] [pid 3950931] [client 87.16.21.43:61979] AH00898: Error reading from remote server returned by /backend, referer: https://pms.test.indacotrentino.com/
[Tue Dec 19 12:32:52.257361 2023] [:error] [pid 3960694] [client 164.92.155.72:59740] [client 164.92.155.72] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZDpDAk_hmXW3_W4uCgAAAAQ"]
[Tue Dec 19 12:32:52.257622 2023] [:error] [pid 3960694] [client 164.92.155.72:59740] [client 164.92.155.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZDpDAk_hmXW3_W4uCgAAAAQ"]
[Tue Dec 19 12:32:52.257788 2023] [:error] [pid 3960694] [client 164.92.155.72:59740] [client 164.92.155.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZDpDAk_hmXW3_W4uCgAAAAQ"]
[Tue Dec 19 12:32:52.564576 2023] [:error] [pid 3960693] [client 164.92.155.72:59754] [client 164.92.155.72] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZCqrmlhO3XrJ4e5SOwAAAAM"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Dec 19 12:32:52.564829 2023] [:error] [pid 3960693] [client 164.92.155.72:59754] [client 164.92.155.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZCqrmlhO3XrJ4e5SOwAAAAM"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Dec 19 12:32:52.564984 2023] [:error] [pid 3960693] [client 164.92.155.72:59754] [client 164.92.155.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZYF_ZCqrmlhO3XrJ4e5SOwAAAAM"], referer: http://pms.test.indacotrentino.com/.git/config
[Sun Dec 31 21:00:48.572545 2023] [:error] [pid 30784] [client 54.161.99.216:34036] [client 54.161.99.216] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZHIcB3UeLilDnmHrGnSpgAAAAM"]
[Sun Dec 31 21:00:48.580609 2023] [:error] [pid 30784] [client 54.161.99.216:34036] [client 54.161.99.216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZHIcB3UeLilDnmHrGnSpgAAAAM"]
[Sun Dec 31 21:00:48.580788 2023] [:error] [pid 30784] [client 54.161.99.216:34036] [client 54.161.99.216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZHIcB3UeLilDnmHrGnSpgAAAAM"]
[Thu Jan 04 03:07:13.051622 2024] [authz_core:error] [pid 119632] [client 134.122.89.242:33344] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Thu Jan 04 03:07:13.185961 2024] [:error] [pid 119631] [client 134.122.89.242:33428] [client 134.122.89.242] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZZYS0WIc5PzAWytwSLHzUAAAAAM"]
[Thu Jan 04 03:07:13.186231 2024] [:error] [pid 119631] [client 134.122.89.242:33428] [client 134.122.89.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZZYS0WIc5PzAWytwSLHzUAAAAAM"]
[Thu Jan 04 03:07:13.186446 2024] [:error] [pid 119631] [client 134.122.89.242:33428] [client 134.122.89.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZZYS0WIc5PzAWytwSLHzUAAAAAM"]
[Thu Jan 04 03:07:13.231043 2024] [:error] [pid 119628] [client 134.122.89.242:33462] [client 134.122.89.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZZYS0dB9jRPKPcDRqKF7VgAAAAA"]
[Thu Jan 04 03:07:13.231324 2024] [:error] [pid 119628] [client 134.122.89.242:33462] [client 134.122.89.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZZYS0dB9jRPKPcDRqKF7VgAAAAA"]
[Thu Jan 04 03:07:13.231570 2024] [:error] [pid 119628] [client 134.122.89.242:33462] [client 134.122.89.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZZYS0dB9jRPKPcDRqKF7VgAAAAA"]
[Thu Jan 04 03:07:13.271544 2024] [:error] [pid 119630] [client 134.122.89.242:33496] [client 134.122.89.242] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS0VdaueujfdmKMgv-hAAAAAI"]
[Thu Jan 04 03:07:13.271756 2024] [:error] [pid 119630] [client 134.122.89.242:33496] [client 134.122.89.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS0VdaueujfdmKMgv-hAAAAAI"]
[Thu Jan 04 03:07:13.271911 2024] [:error] [pid 119630] [client 134.122.89.242:33496] [client 134.122.89.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS0VdaueujfdmKMgv-hAAAAAI"]
[Thu Jan 04 03:07:37.827300 2024] [:error] [pid 119630] [client 193.143.1.139:44598] [client 193.143.1.139] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS6VdaueujfdmKMgv-hQAAAAI"]
[Thu Jan 04 03:07:37.827609 2024] [:error] [pid 119630] [client 193.143.1.139:44598] [client 193.143.1.139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS6VdaueujfdmKMgv-hQAAAAI"]
[Thu Jan 04 03:07:37.827808 2024] [:error] [pid 119630] [client 193.143.1.139:44598] [client 193.143.1.139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYS6VdaueujfdmKMgv-hQAAAAI"]
[Thu Jan 04 03:08:37.738199 2024] [:error] [pid 119656] [client 80.94.92.37:59906] [client 80.94.92.37] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYTJbNqDsB2E5I8FE7VngAAAAU"]
[Thu Jan 04 03:08:37.738407 2024] [:error] [pid 119656] [client 80.94.92.37:59906] [client 80.94.92.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYTJbNqDsB2E5I8FE7VngAAAAU"]
[Thu Jan 04 03:08:37.738571 2024] [:error] [pid 119656] [client 80.94.92.37:59906] [client 80.94.92.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYTJbNqDsB2E5I8FE7VngAAAAU"]
[Thu Jan 04 03:16:31.301488 2024] [:error] [pid 119660] [client 80.94.92.37:59602] [client 80.94.92.37] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYU_5qtB_QjWDR3Lh-UMAAAAAk"]
[Thu Jan 04 03:16:31.301774 2024] [:error] [pid 119660] [client 80.94.92.37:59602] [client 80.94.92.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYU_5qtB_QjWDR3Lh-UMAAAAAk"]
[Thu Jan 04 03:16:31.301938 2024] [:error] [pid 119660] [client 80.94.92.37:59602] [client 80.94.92.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZYU_5qtB_QjWDR3Lh-UMAAAAAk"]
[Sat Jan 06 05:50:40.576217 2024] [:error] [pid 163653] [client 50.18.103.201:60004] [client 50.18.103.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZjcIHMh-7CV5yfHb_R4PQAAAAI"]
[Sat Jan 06 05:50:40.578047 2024] [:error] [pid 163653] [client 50.18.103.201:60004] [client 50.18.103.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZjcIHMh-7CV5yfHb_R4PQAAAAI"]
[Sat Jan 06 05:50:40.578233 2024] [:error] [pid 163653] [client 50.18.103.201:60004] [client 50.18.103.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZjcIHMh-7CV5yfHb_R4PQAAAAI"]
[Sat Jan 06 10:28:38.854292 2024] [:error] [pid 163653] [client 110.138.94.27:58841] [client 110.138.94.27] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZZkdRnMh-7CV5yfHb_R4SwAAAAI"]
[Sat Jan 06 10:28:38.854544 2024] [:error] [pid 163653] [client 110.138.94.27:58841] [client 110.138.94.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZZkdRnMh-7CV5yfHb_R4SwAAAAI"]
[Sat Jan 06 10:28:38.854715 2024] [:error] [pid 163653] [client 110.138.94.27:58841] [client 110.138.94.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "ZZkdRnMh-7CV5yfHb_R4SwAAAAI"]
[Sat Jan 06 10:28:39.385651 2024] [:error] [pid 163652] [client 110.138.94.27:53522] [client 110.138.94.27] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZZkdR596kWZ4e3cBNNihiQAAAAE"]
[Sat Jan 06 10:28:39.385912 2024] [:error] [pid 163652] [client 110.138.94.27:53522] [client 110.138.94.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZZkdR596kWZ4e3cBNNihiQAAAAE"]
[Sat Jan 06 10:28:39.386125 2024] [:error] [pid 163652] [client 110.138.94.27:53522] [client 110.138.94.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZZkdR596kWZ4e3cBNNihiQAAAAE"]
[Mon Jan 08 14:27:47.143364 2024] [proxy_http:error] [pid 218190] (104)Connection reset by peer: [client 101.56.97.226:1797] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 14:31:21.827584 2024] [proxy_http:error] [pid 206301] (70007)The timeout specified has expired: [client 101.56.97.226:1792] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 14:31:21.827644 2024] [proxy:error] [pid 206301] [client 101.56.97.226:1792] AH00898: Error reading from remote server returned by /rest/partners/updateProducts/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:20:02.086186 2024] [proxy_http:error] [pid 220695] (104)Connection reset by peer: [client 101.56.97.226:1850] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:14.136861 2024] [proxy_http:error] [pid 220104] (70007)The timeout specified has expired: [client 101.56.97.226:1807] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:14.151530 2024] [proxy:error] [pid 220104] [client 101.56.97.226:1807] AH00898: Error reading from remote server returned by /rest/partners/updateProducts/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:54.213051 2024] [proxy_http:error] [pid 220108] (70007)The timeout specified has expired: [client 101.56.97.226:1827] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:54.241449 2024] [proxy:error] [pid 220108] [client 101.56.97.226:1827] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:54.281015 2024] [proxy_http:error] [pid 220116] (70007)The timeout specified has expired: [client 101.56.97.226:1826] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:21:54.319384 2024] [proxy:error] [pid 220116] [client 101.56.97.226:1826] AH00898: Error reading from remote server returned by /rest/orders/summary/640597c2c3e1774dd7069170/62ed13d02477d328814c66ed/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:36.598052 2024] [proxy_http:error] [pid 220175] (70007)The timeout specified has expired: [client 101.56.97.226:1834] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:36.610828 2024] [proxy:error] [pid 220175] [client 101.56.97.226:1834] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:36.723735 2024] [proxy_http:error] [pid 220208] (70007)The timeout specified has expired: [client 101.56.97.226:1835] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:36.732589 2024] [proxy:error] [pid 220208] [client 101.56.97.226:1835] AH00898: Error reading from remote server returned by /rest/orders/summary/640597c2c3e1774dd7069170/62ed13d02477d328814c66ed/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:51.721075 2024] [proxy_http:error] [pid 220161] (70007)The timeout specified has expired: [client 101.56.97.226:1832] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:22:51.724753 2024] [proxy:error] [pid 220161] [client 101.56.97.226:1832] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:24:55.753587 2024] [proxy_http:error] [pid 220697] (70007)The timeout specified has expired: [client 101.56.97.226:1851] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:24:55.756482 2024] [proxy:error] [pid 220697] [client 101.56.97.226:1851] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:24:55.935590 2024] [proxy_http:error] [pid 220372] (70007)The timeout specified has expired: [client 101.56.97.226:1849] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:24:55.935669 2024] [proxy:error] [pid 220372] [client 101.56.97.226:1849] AH00898: Error reading from remote server returned by /rest/orders/summary/640597c2c3e1774dd7069170/62ed13d02477d328814c66ed/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:27.071575 2024] [proxy_http:error] [pid 220691] (70007)The timeout specified has expired: [client 101.56.97.226:1854] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:27.071640 2024] [proxy:error] [pid 220691] [client 101.56.97.226:1854] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:29.387597 2024] [proxy_http:error] [pid 220700] (70007)The timeout specified has expired: [client 101.56.97.226:1855] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:29.387671 2024] [proxy:error] [pid 220700] [client 101.56.97.226:1855] AH00898: Error reading from remote server returned by /rest/orders/summary/640597c2c3e1774dd7069170/62ed13d02477d328814c66ed/, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:48.360057 2024] [proxy_http:error] [pid 220373] (70007)The timeout specified has expired: [client 101.56.97.226:1840] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:25:48.371535 2024] [proxy:error] [pid 220373] [client 101.56.97.226:1840] AH00898: Error reading from remote server returned by /rest/charts/products/640597c2c3e1774dd7069170, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:26:23.535606 2024] [proxy_http:error] [pid 220172] (70007)The timeout specified has expired: [client 101.56.97.226:1799] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Mon Jan 08 15:26:23.535672 2024] [proxy:error] [pid 220172] [client 101.56.97.226:1799] AH00898: Error reading from remote server returned by /rest/orders/summary/640597c2c3e1774dd7069170/62ed13d02477d328814c66ed/, referer: https://pms.test.indacotrentino.com/
[Thu Jan 11 09:04:32.246001 2024] [:error] [pid 275713] [client 31.220.0.86:58996] [client 31.220.0.86] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZ-hEGe73Z8RpPzABWoX5QAAAAI"]
[Thu Jan 11 09:04:32.246313 2024] [:error] [pid 275713] [client 31.220.0.86:58996] [client 31.220.0.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZ-hEGe73Z8RpPzABWoX5QAAAAI"]
[Thu Jan 11 09:04:32.246501 2024] [:error] [pid 275713] [client 31.220.0.86:58996] [client 31.220.0.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZZ-hEGe73Z8RpPzABWoX5QAAAAI"]
[Mon Jan 15 16:20:07.545545 2024] [:error] [pid 376521] [client 79.50.106.181:64720] [client 79.50.106.181] ModSecurity: Warning. Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:data. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "504"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: (400 x 600 px) (1) found within ARGS:data: {\\x22name\\x22:\\x22firma natale delta (400 x 600 px) (1).png\\x22,\\x22type\\x22:\\x22image/png\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/632349101fbeef5e72aae4c3"] [unique_id "ZaVNJzqVt3y1Yhu7ZCatiAAAAAQ"], referer: https://pms.test.indacotrentino.com/
[Mon Jan 15 16:20:07.550994 2024] [:error] [pid 376521] [client 79.50.106.181:64720] [client 79.50.106.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/632349101fbeef5e72aae4c3"] [unique_id "ZaVNJzqVt3y1Yhu7ZCatiAAAAAQ"], referer: https://pms.test.indacotrentino.com/
[Mon Jan 15 16:20:07.551228 2024] [:error] [pid 376521] [client 79.50.106.181:64720] [client 79.50.106.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/media/632349101fbeef5e72aae4c3"] [unique_id "ZaVNJzqVt3y1Yhu7ZCatiAAAAAQ"], referer: https://pms.test.indacotrentino.com/
[Wed Jan 17 12:50:43.335981 2024] [:error] [pid 417405] [client 31.43.185.32:50720] [client 31.43.185.32] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zae_E5iZTZTQV7jk5RpFHAAAAAg"]
[Wed Jan 17 12:50:43.336259 2024] [:error] [pid 417405] [client 31.43.185.32:50720] [client 31.43.185.32] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zae_E5iZTZTQV7jk5RpFHAAAAAg"]
[Wed Jan 17 12:50:43.336449 2024] [:error] [pid 417405] [client 31.43.185.32:50720] [client 31.43.185.32] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zae_E5iZTZTQV7jk5RpFHAAAAAg"]
[Fri Jan 19 16:01:37.796945 2024] [proxy_http:error] [pid 476566] (104)Connection reset by peer: [client 213.21.147.71:54284] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Fri Jan 19 16:29:04.305993 2024] [proxy_http:error] [pid 476578] (104)Connection reset by peer: [client 213.21.147.71:54627] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Sat Jan 20 15:02:46.353663 2024] [:error] [pid 486696] [client 18.223.120.90:40872] [client 18.223.120.90] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZavShpHTdjzdF2yYG18nPwAAAAE"]
[Sat Jan 20 15:02:46.354000 2024] [:error] [pid 486696] [client 18.223.120.90:40872] [client 18.223.120.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZavShpHTdjzdF2yYG18nPwAAAAE"]
[Sat Jan 20 15:02:46.354181 2024] [:error] [pid 486696] [client 18.223.120.90:40872] [client 18.223.120.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZavShpHTdjzdF2yYG18nPwAAAAE"]
[Tue Jan 23 14:14:00.349318 2024] [proxy_http:error] [pid 564358] (20014)Internal error (specific information not available): [client 213.21.147.71:56204] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.349342 2024] [proxy_http:error] [pid 577313] (20014)Internal error (specific information not available): [client 213.21.147.71:56228] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.349368 2024] [proxy:error] [pid 564358] [client 213.21.147.71:56204] AH00898: Error reading from remote server returned by /rest/categories/default/62ed13d02477d328814c66ed, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.349392 2024] [proxy:error] [pid 577313] [client 213.21.147.71:56228] AH00898: Error reading from remote server returned by /rest/partners/632dd5c81d877a2ed9c6d153/productsSearch, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.350020 2024] [proxy_http:error] [pid 564747] (20014)Internal error (specific information not available): [client 213.21.147.71:56200] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.351297 2024] [proxy_http:error] [pid 563978] (20014)Internal error (specific information not available): [client 213.21.147.71:56197] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352173 2024] [proxy_http:error] [pid 564786] (20014)Internal error (specific information not available): [client 213.21.147.71:56199] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352197 2024] [proxy:error] [pid 564786] [client 213.21.147.71:56199] AH00898: Error reading from remote server returned by /rest/warehouses/partner/632dd5c81d877a2ed9c6d153, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352193 2024] [proxy_http:error] [pid 564803] (20014)Internal error (specific information not available): [client 213.21.147.71:56193] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352722 2024] [proxy_http:error] [pid 564063] (20014)Internal error (specific information not available): [client 213.21.147.71:56163] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352885 2024] [proxy_http:error] [pid 564775] (20014)Internal error (specific information not available): [client 213.21.147.71:56165] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.352900 2024] [proxy:error] [pid 564775] [client 213.21.147.71:56165] AH00898: Error reading from remote server returned by /rest/attribute-sets/default/62ed13d02477d328814c66ed, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.353262 2024] [proxy_http:error] [pid 564845] (20014)Internal error (specific information not available): [client 213.21.147.71:56166] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.353279 2024] [proxy:error] [pid 564845] [client 213.21.147.71:56166] AH00898: Error reading from remote server returned by /rest/warehouses/partner/632dd5c81d877a2ed9c6d153, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.353672 2024] [proxy_http:error] [pid 577311] (20014)Internal error (specific information not available): [client 213.21.147.71:56191] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.567599 2024] [proxy_http:error] [pid 577313] (20014)Internal error (specific information not available): [client 213.21.147.71:56228] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.568452 2024] [proxy_http:error] [pid 564358] (20014)Internal error (specific information not available): [client 213.21.147.71:56204] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.582188 2024] [proxy:error] [pid 564786] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Tue Jan 23 14:14:00.582217 2024] [proxy_http:error] [pid 564786] [client 213.21.147.71:56199] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Tue Jan 23 14:14:00.585061 2024] [proxy:error] [pid 564371] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Tue Jan 23 14:14:00.585085 2024] [proxy_http:error] [pid 564371] [client 213.21.147.71:47901] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Sun Jan 28 07:25:52.861352 2024] [:error] [pid 693510] [client 193.32.162.87:48182] [client 193.32.162.87] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbXzcFMec8X_NupEikpx8gAAAAQ"]
[Sun Jan 28 07:25:52.869420 2024] [:error] [pid 693510] [client 193.32.162.87:48182] [client 193.32.162.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbXzcFMec8X_NupEikpx8gAAAAQ"]
[Sun Jan 28 07:25:52.869645 2024] [:error] [pid 693510] [client 193.32.162.87:48182] [client 193.32.162.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZbXzcFMec8X_NupEikpx8gAAAAQ"]
[Thu Feb 22 09:46:07.064707 2024] [proxy_http:error] [pid 1283847] (70007)The timeout specified has expired: [client 37.186.136.246:54255] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Thu Feb 22 09:46:07.066079 2024] [proxy:error] [pid 1283847] [client 37.186.136.246:54255] AH00898: Error reading from remote server returned by /rest/warehouses/journal/notFulfilled/null, referer: https://pms.test.indacotrentino.com/
[Mon Mar 04 03:04:13.344407 2024] [authz_core:error] [pid 1531487] [client 159.203.94.228:40750] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Mar 04 03:04:14.381019 2024] [:error] [pid 1531484] [client 159.203.94.228:40764] [client 159.203.94.228] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZeUsHhCTTON5OTyItianUQAAAAA"]
[Mon Mar 04 03:04:14.381290 2024] [:error] [pid 1531484] [client 159.203.94.228:40764] [client 159.203.94.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZeUsHhCTTON5OTyItianUQAAAAA"]
[Mon Mar 04 03:04:14.381499 2024] [:error] [pid 1531484] [client 159.203.94.228:40764] [client 159.203.94.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZeUsHhCTTON5OTyItianUQAAAAA"]
[Mon Mar 04 03:04:14.734548 2024] [:error] [pid 1531549] [client 159.203.94.228:40766] [client 159.203.94.228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeUsHnBGiR3L_SsDx_NvFgAAAAc"]
[Mon Mar 04 03:04:14.734764 2024] [:error] [pid 1531549] [client 159.203.94.228:40766] [client 159.203.94.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeUsHnBGiR3L_SsDx_NvFgAAAAc"]
[Mon Mar 04 03:04:14.734932 2024] [:error] [pid 1531549] [client 159.203.94.228:40766] [client 159.203.94.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeUsHnBGiR3L_SsDx_NvFgAAAAc"]
[Mon Mar 04 03:04:15.060735 2024] [:error] [pid 1531485] [client 159.203.94.228:40778] [client 159.203.94.228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsH3URt5CijQpQg0vU7gAAAAE"]
[Mon Mar 04 03:04:15.060968 2024] [:error] [pid 1531485] [client 159.203.94.228:40778] [client 159.203.94.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsH3URt5CijQpQg0vU7gAAAAE"]
[Mon Mar 04 03:04:15.061168 2024] [:error] [pid 1531485] [client 159.203.94.228:40778] [client 159.203.94.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsH3URt5CijQpQg0vU7gAAAAE"]
[Mon Mar 04 03:05:30.757186 2024] [:error] [pid 1531535] [client 45.138.16.120:44722] [client 45.138.16.120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsascLiFaqVMr8bEmdzgAAAAY"]
[Mon Mar 04 03:05:30.757797 2024] [:error] [pid 1531535] [client 45.138.16.120:44722] [client 45.138.16.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsascLiFaqVMr8bEmdzgAAAAY"]
[Mon Mar 04 03:05:30.758244 2024] [:error] [pid 1531535] [client 45.138.16.120:44722] [client 45.138.16.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeUsascLiFaqVMr8bEmdzgAAAAY"]
[Mon Mar 04 15:37:33.368921 2024] [:error] [pid 1531550] [client 45.138.16.120:35762] [client 45.138.16.120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeXcrbvMGUKokUy1cgav0gAAAAg"]
[Mon Mar 04 15:37:33.369400 2024] [:error] [pid 1531550] [client 45.138.16.120:35762] [client 45.138.16.120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeXcrbvMGUKokUy1cgav0gAAAAg"]
[Mon Mar 04 15:37:33.370006 2024] [:error] [pid 1531550] [client 45.138.16.120:35762] [client 45.138.16.120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZeXcrbvMGUKokUy1cgav0gAAAAg"]
[Mon Mar 04 19:35:22.817123 2024] [:error] [pid 1538249] [client 165.232.89.74:56912] [client 165.232.89.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeYUav3LDewZggaee9McMQAAAAs"]
[Mon Mar 04 19:35:22.817883 2024] [:error] [pid 1538249] [client 165.232.89.74:56912] [client 165.232.89.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeYUav3LDewZggaee9McMQAAAAs"]
[Mon Mar 04 19:35:22.818392 2024] [:error] [pid 1538249] [client 165.232.89.74:56912] [client 165.232.89.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeYUav3LDewZggaee9McMQAAAAs"]
[Tue Mar 05 22:45:38.683618 2024] [:error] [pid 1553872] [client 165.232.89.74:40646] [client 165.232.89.74] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeeSgjfZ54fnqxoyHIJwIQAAAAM"]
[Tue Mar 05 22:45:38.684314 2024] [:error] [pid 1553872] [client 165.232.89.74:40646] [client 165.232.89.74] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeeSgjfZ54fnqxoyHIJwIQAAAAM"]
[Tue Mar 05 22:45:38.684994 2024] [:error] [pid 1553872] [client 165.232.89.74:40646] [client 165.232.89.74] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZeeSgjfZ54fnqxoyHIJwIQAAAAM"]
[Mon Mar 25 22:18:15.479114 2024] [:error] [pid 2027224] [client 91.215.85.29:53842] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgAAAAAc"]
[Mon Mar 25 22:18:15.487253 2024] [:error] [pid 2025392] [client 91.215.85.29:53814] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRQAAAAM"]
[Mon Mar 25 22:18:15.487583 2024] [:error] [pid 2025392] [client 91.215.85.29:53814] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRQAAAAM"]
[Mon Mar 25 22:18:15.487584 2024] [:error] [pid 2027224] [client 91.215.85.29:53842] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgAAAAAc"]
[Mon Mar 25 22:18:15.487801 2024] [:error] [pid 2027224] [client 91.215.85.29:53842] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgAAAAAc"]
[Mon Mar 25 22:18:15.487807 2024] [:error] [pid 2025392] [client 91.215.85.29:53814] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRQAAAAM"]
[Mon Mar 25 22:18:15.479405 2024] [:error] [pid 2025391] [client 91.215.85.29:53868] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFAAAAAI"]
[Mon Mar 25 22:18:15.488136 2024] [:error] [pid 2025391] [client 91.215.85.29:53868] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFAAAAAI"]
[Mon Mar 25 22:18:15.482331 2024] [:error] [pid 2025389] [client 91.215.85.29:53886] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVQAAAAA"]
[Mon Mar 25 22:18:15.488338 2024] [:error] [pid 2025391] [client 91.215.85.29:53868] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFAAAAAI"]
[Mon Mar 25 22:18:15.488450 2024] [:error] [pid 2025389] [client 91.215.85.29:53886] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVQAAAAA"]
[Mon Mar 25 22:18:15.488687 2024] [:error] [pid 2025389] [client 91.215.85.29:53886] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVQAAAAA"]
[Mon Mar 25 22:18:15.482951 2024] [:error] [pid 2025394] [client 91.215.85.29:53856] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzAAAAAU"]
[Mon Mar 25 22:18:15.484253 2024] [:error] [pid 2028694] [client 91.215.85.29:53816] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIAAAAAk"]
[Mon Mar 25 22:18:15.489018 2024] [:error] [pid 2025394] [client 91.215.85.29:53856] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzAAAAAU"]
[Mon Mar 25 22:18:15.489089 2024] [:error] [pid 2028694] [client 91.215.85.29:53816] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIAAAAAk"]
[Mon Mar 25 22:18:15.489217 2024] [:error] [pid 2025394] [client 91.215.85.29:53856] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzAAAAAU"]
[Mon Mar 25 22:18:15.489304 2024] [:error] [pid 2028694] [client 91.215.85.29:53816] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIAAAAAk"]
[Mon Mar 25 22:18:15.485245 2024] [:error] [pid 2025393] [client 91.215.85.29:53820] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WAAAAAQ"]
[Mon Mar 25 22:18:15.489628 2024] [:error] [pid 2025393] [client 91.215.85.29:53820] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WAAAAAQ"]
[Mon Mar 25 22:18:15.489838 2024] [:error] [pid 2025393] [client 91.215.85.29:53820] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WAAAAAQ"]
[Mon Mar 25 22:18:15.486090 2024] [:error] [pid 2027220] [client 91.215.85.29:53874] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_QAAAAY"]
[Mon Mar 25 22:18:15.486469 2024] [:error] [pid 2025390] [client 91.215.85.29:53798] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBHwAAAAE"]
[Mon Mar 25 22:18:15.490261 2024] [:error] [pid 2025390] [client 91.215.85.29:53798] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBHwAAAAE"]
[Mon Mar 25 22:18:15.490457 2024] [:error] [pid 2025390] [client 91.215.85.29:53798] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBHwAAAAE"]
[Mon Mar 25 22:18:15.487213 2024] [:error] [pid 2027228] [client 91.215.85.29:53832] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFogAAAAg"]
[Mon Mar 25 22:18:15.490791 2024] [:error] [pid 2027228] [client 91.215.85.29:53832] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFogAAAAg"]
[Mon Mar 25 22:18:15.490986 2024] [:error] [pid 2027228] [client 91.215.85.29:53832] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFogAAAAg"]
[Mon Mar 25 22:18:15.492047 2024] [:error] [pid 2027220] [client 91.215.85.29:53874] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_QAAAAY"]
[Mon Mar 25 22:18:15.492262 2024] [:error] [pid 2027220] [client 91.215.85.29:53874] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_QAAAAY"]
[Mon Mar 25 22:18:15.588074 2024] [:error] [pid 2025389] [client 91.215.85.29:53894] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVgAAAAA"]
[Mon Mar 25 22:18:15.588699 2024] [:error] [pid 2025389] [client 91.215.85.29:53894] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVgAAAAA"]
[Mon Mar 25 22:18:15.589115 2024] [:error] [pid 2025389] [client 91.215.85.29:53894] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVgAAAAA"]
[Mon Mar 25 22:18:15.589701 2024] [:error] [pid 2025391] [client 91.215.85.29:53918] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFQAAAAI"]
[Mon Mar 25 22:18:15.590275 2024] [:error] [pid 2025391] [client 91.215.85.29:53918] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFQAAAAI"]
[Mon Mar 25 22:18:15.590652 2024] [:error] [pid 2025391] [client 91.215.85.29:53918] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFQAAAAI"]
[Mon Mar 25 22:18:15.593096 2024] [:error] [pid 2027224] [client 91.215.85.29:53934] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgQAAAAc"]
[Mon Mar 25 22:18:15.593623 2024] [:error] [pid 2027224] [client 91.215.85.29:53934] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgQAAAAc"]
[Mon Mar 25 22:18:15.594009 2024] [:error] [pid 2027224] [client 91.215.85.29:53934] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgQAAAAc"]
[Mon Mar 25 22:18:15.594151 2024] [:error] [pid 2028694] [client 91.215.85.29:53902] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIQAAAAk"]
[Mon Mar 25 22:18:15.594598 2024] [:error] [pid 2028694] [client 91.215.85.29:53902] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIQAAAAk"]
[Mon Mar 25 22:18:15.594985 2024] [:error] [pid 2028694] [client 91.215.85.29:53902] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIQAAAAk"]
[Mon Mar 25 22:18:15.597055 2024] [:error] [pid 2025392] [client 91.215.85.29:53954] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRgAAAAM"]
[Mon Mar 25 22:18:15.597203 2024] [:error] [pid 2027228] [client 91.215.85.29:53942] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFowAAAAg"]
[Mon Mar 25 22:18:15.597261 2024] [:error] [pid 2025392] [client 91.215.85.29:53954] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRgAAAAM"]
[Mon Mar 25 22:18:15.597406 2024] [:error] [pid 2027228] [client 91.215.85.29:53942] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFowAAAAg"]
[Mon Mar 25 22:18:15.597422 2024] [:error] [pid 2025392] [client 91.215.85.29:53954] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRgAAAAM"]
[Mon Mar 25 22:18:15.597561 2024] [:error] [pid 2027228] [client 91.215.85.29:53942] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFowAAAAg"]
[Mon Mar 25 22:18:15.663019 2024] [:error] [pid 2025390] [client 91.215.85.29:53974] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIAAAAAE"]
[Mon Mar 25 22:18:15.663563 2024] [:error] [pid 2025390] [client 91.215.85.29:53974] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIAAAAAE"]
[Mon Mar 25 22:18:15.664018 2024] [:error] [pid 2025390] [client 91.215.85.29:53974] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIAAAAAE"]
[Mon Mar 25 22:18:15.666494 2024] [:error] [pid 2025393] [client 91.215.85.29:53980] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WQAAAAQ"]
[Mon Mar 25 22:18:15.667321 2024] [:error] [pid 2025393] [client 91.215.85.29:53980] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WQAAAAQ"]
[Mon Mar 25 22:18:15.667412 2024] [:error] [pid 2027220] [client 91.215.85.29:53994] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_gAAAAY"]
[Mon Mar 25 22:18:15.667624 2024] [:error] [pid 2025393] [client 91.215.85.29:53980] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WQAAAAQ"]
[Mon Mar 25 22:18:15.667681 2024] [:error] [pid 2027220] [client 91.215.85.29:53994] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_gAAAAY"]
[Mon Mar 25 22:18:15.667874 2024] [:error] [pid 2027220] [client 91.215.85.29:53994] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_gAAAAY"]
[Mon Mar 25 22:18:15.668761 2024] [:error] [pid 2025394] [client 91.215.85.29:53966] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzQAAAAU"]
[Mon Mar 25 22:18:15.669049 2024] [:error] [pid 2025394] [client 91.215.85.29:53966] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzQAAAAU"]
[Mon Mar 25 22:18:15.669283 2024] [:error] [pid 2025394] [client 91.215.85.29:53966] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzQAAAAU"]
[Mon Mar 25 22:18:15.693098 2024] [:error] [pid 2025389] [client 91.215.85.29:54010] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVwAAAAA"]
[Mon Mar 25 22:18:15.693543 2024] [:error] [pid 2025389] [client 91.215.85.29:54010] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVwAAAAA"]
[Mon Mar 25 22:18:15.693887 2024] [:error] [pid 2025389] [client 91.215.85.29:54010] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSVwAAAAA"]
[Mon Mar 25 22:18:15.693956 2024] [:error] [pid 2025391] [client 91.215.85.29:54020] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFgAAAAI"]
[Mon Mar 25 22:18:15.694289 2024] [:error] [pid 2025391] [client 91.215.85.29:54020] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFgAAAAI"]
[Mon Mar 25 22:18:15.694499 2024] [:error] [pid 2025391] [client 91.215.85.29:54020] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFgAAAAI"]
[Mon Mar 25 22:18:15.696514 2024] [:error] [pid 2027228] [client 91.215.85.29:54016] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpAAAAAg"]
[Mon Mar 25 22:18:15.696784 2024] [:error] [pid 2027228] [client 91.215.85.29:54016] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpAAAAAg"]
[Mon Mar 25 22:18:15.697539 2024] [:error] [pid 2027224] [client 91.215.85.29:54040] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMggAAAAc"]
[Mon Mar 25 22:18:15.697894 2024] [:error] [pid 2027224] [client 91.215.85.29:54040] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMggAAAAc"]
[Mon Mar 25 22:18:15.698116 2024] [:error] [pid 2027224] [client 91.215.85.29:54040] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMggAAAAc"]
[Mon Mar 25 22:18:15.698158 2024] [:error] [pid 2028694] [client 91.215.85.29:54026] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIgAAAAk"]
[Mon Mar 25 22:18:15.698404 2024] [:error] [pid 2028694] [client 91.215.85.29:54026] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIgAAAAk"]
[Mon Mar 25 22:18:15.698590 2024] [:error] [pid 2028694] [client 91.215.85.29:54026] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIgAAAAk"]
[Mon Mar 25 22:18:15.698877 2024] [:error] [pid 2027228] [client 91.215.85.29:54016] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpAAAAAg"]
[Mon Mar 25 22:18:15.700505 2024] [:error] [pid 2025392] [client 91.215.85.29:54048] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRwAAAAM"]
[Mon Mar 25 22:18:15.700800 2024] [:error] [pid 2025392] [client 91.215.85.29:54048] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRwAAAAM"]
[Mon Mar 25 22:18:15.701023 2024] [:error] [pid 2025392] [client 91.215.85.29:54048] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJRwAAAAM"]
[Mon Mar 25 22:18:15.769627 2024] [:error] [pid 2025394] [client 91.215.85.29:54080] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzgAAAAU"]
[Mon Mar 25 22:18:15.769929 2024] [:error] [pid 2025394] [client 91.215.85.29:54080] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzgAAAAU"]
[Mon Mar 25 22:18:15.770128 2024] [:error] [pid 2025394] [client 91.215.85.29:54080] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzgAAAAU"]
[Mon Mar 25 22:18:15.770268 2024] [:error] [pid 2025393] [client 91.215.85.29:54050] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WgAAAAQ"]
[Mon Mar 25 22:18:15.770612 2024] [:error] [pid 2025393] [client 91.215.85.29:54050] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WgAAAAQ"]
[Mon Mar 25 22:18:15.770751 2024] [:error] [pid 2025390] [client 91.215.85.29:54070] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIQAAAAE"]
[Mon Mar 25 22:18:15.770923 2024] [:error] [pid 2025393] [client 91.215.85.29:54050] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WgAAAAQ"]
[Mon Mar 25 22:18:15.771003 2024] [:error] [pid 2025390] [client 91.215.85.29:54070] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIQAAAAE"]
[Mon Mar 25 22:18:15.771265 2024] [:error] [pid 2025390] [client 91.215.85.29:54070] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIQAAAAE"]
[Mon Mar 25 22:18:15.772190 2024] [:error] [pid 2027220] [client 91.215.85.29:54060] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_wAAAAY"]
[Mon Mar 25 22:18:15.773498 2024] [:error] [pid 2027220] [client 91.215.85.29:54060] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_wAAAAY"]
[Mon Mar 25 22:18:15.773806 2024] [:error] [pid 2027220] [client 91.215.85.29:54060] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YN_wAAAAY"]
[Mon Mar 25 22:18:15.798366 2024] [:error] [pid 2025389] [client 91.215.85.29:54084] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWAAAAAA"]
[Mon Mar 25 22:18:15.798790 2024] [:error] [pid 2025389] [client 91.215.85.29:54084] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWAAAAAA"]
[Mon Mar 25 22:18:15.798803 2024] [:error] [pid 2025391] [client 91.215.85.29:54098] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFwAAAAI"]
[Mon Mar 25 22:18:15.799123 2024] [:error] [pid 2025391] [client 91.215.85.29:54098] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFwAAAAI"]
[Mon Mar 25 22:18:15.799139 2024] [:error] [pid 2025389] [client 91.215.85.29:54084] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWAAAAAA"]
[Mon Mar 25 22:18:15.799337 2024] [:error] [pid 2025391] [client 91.215.85.29:54098] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tFwAAAAI"]
[Mon Mar 25 22:18:15.810932 2024] [:error] [pid 2027224] [client 91.215.85.29:54140] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgwAAAAc"]
[Mon Mar 25 22:18:15.811227 2024] [:error] [pid 2027224] [client 91.215.85.29:54140] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgwAAAAc"]
[Mon Mar 25 22:18:15.811376 2024] [:error] [pid 2027224] [client 91.215.85.29:54140] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMgwAAAAc"]
[Mon Mar 25 22:18:15.813529 2024] [:error] [pid 2028694] [client 91.215.85.29:54124] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIwAAAAk"]
[Mon Mar 25 22:18:15.813738 2024] [:error] [pid 2028694] [client 91.215.85.29:54124] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIwAAAAk"]
[Mon Mar 25 22:18:15.813892 2024] [:error] [pid 2028694] [client 91.215.85.29:54124] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCIwAAAAk"]
[Mon Mar 25 22:18:15.814112 2024] [:error] [pid 2027228] [client 91.215.85.29:54110] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpQAAAAg"]
[Mon Mar 25 22:18:15.814629 2024] [:error] [pid 2027228] [client 91.215.85.29:54110] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpQAAAAg"]
[Mon Mar 25 22:18:15.815019 2024] [:error] [pid 2027228] [client 91.215.85.29:54110] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpQAAAAg"]
[Mon Mar 25 22:18:15.827944 2024] [:error] [pid 2025392] [client 91.215.85.29:54156] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSAAAAAM"]
[Mon Mar 25 22:18:15.828322 2024] [:error] [pid 2025392] [client 91.215.85.29:54156] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSAAAAAM"]
[Mon Mar 25 22:18:15.828646 2024] [:error] [pid 2025392] [client 91.215.85.29:54156] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSAAAAAM"]
[Mon Mar 25 22:18:15.865815 2024] [:error] [pid 2025390] [client 91.215.85.29:54172] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIgAAAAE"]
[Mon Mar 25 22:18:15.866213 2024] [:error] [pid 2025390] [client 91.215.85.29:54172] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIgAAAAE"]
[Mon Mar 25 22:18:15.866599 2024] [:error] [pid 2025390] [client 91.215.85.29:54172] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIgAAAAE"]
[Mon Mar 25 22:18:15.869094 2024] [:error] [pid 2025394] [client 91.215.85.29:54198] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzwAAAAU"]
[Mon Mar 25 22:18:15.869489 2024] [:error] [pid 2025394] [client 91.215.85.29:54198] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzwAAAAU"]
[Mon Mar 25 22:18:15.869833 2024] [:error] [pid 2025394] [client 91.215.85.29:54198] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgwzwAAAAU"]
[Mon Mar 25 22:18:15.872377 2024] [:error] [pid 2025393] [client 91.215.85.29:54206] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WwAAAAQ"]
[Mon Mar 25 22:18:15.872951 2024] [:error] [pid 2025393] [client 91.215.85.29:54206] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WwAAAAQ"]
[Mon Mar 25 22:18:15.873363 2024] [:error] [pid 2025393] [client 91.215.85.29:54206] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09WwAAAAQ"]
[Mon Mar 25 22:18:15.876815 2024] [:error] [pid 2027220] [client 91.215.85.29:54188] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /includes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAAAAAAY"]
[Mon Mar 25 22:18:15.877301 2024] [:error] [pid 2027220] [client 91.215.85.29:54188] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAAAAAAY"]
[Mon Mar 25 22:18:15.877686 2024] [:error] [pid 2027220] [client 91.215.85.29:54188] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAAAAAAY"]
[Mon Mar 25 22:18:15.903711 2024] [:error] [pid 2025391] [client 91.215.85.29:54214] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tGAAAAAI"]
[Mon Mar 25 22:18:15.904262 2024] [:error] [pid 2025391] [client 91.215.85.29:54214] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tGAAAAAI"]
[Mon Mar 25 22:18:15.904643 2024] [:error] [pid 2025391] [client 91.215.85.29:54214] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZgHqFw7yBQMRBVFeIK9tGAAAAAI"]
[Mon Mar 25 22:18:15.906017 2024] [:error] [pid 2025389] [client 91.215.85.29:54210] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWQAAAAA"]
[Mon Mar 25 22:18:15.906388 2024] [:error] [pid 2025389] [client 91.215.85.29:54210] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWQAAAAA"]
[Mon Mar 25 22:18:15.906698 2024] [:error] [pid 2025389] [client 91.215.85.29:54210] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZgHqF7UhH0n0eKl87GcSWQAAAAA"]
[Mon Mar 25 22:18:15.920824 2024] [:error] [pid 2028694] [client 91.215.85.29:54230] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCJAAAAAk"]
[Mon Mar 25 22:18:15.920927 2024] [:error] [pid 2027224] [client 91.215.85.29:54236] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMhAAAAAc"]
[Mon Mar 25 22:18:15.921111 2024] [:error] [pid 2028694] [client 91.215.85.29:54230] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCJAAAAAk"]
[Mon Mar 25 22:18:15.921314 2024] [:error] [pid 2028694] [client 91.215.85.29:54230] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZgHqF-CYinOrL-HIbyGCJAAAAAk"]
[Mon Mar 25 22:18:15.921474 2024] [:error] [pid 2027224] [client 91.215.85.29:54236] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMhAAAAAc"]
[Mon Mar 25 22:18:15.921884 2024] [:error] [pid 2027224] [client 91.215.85.29:54236] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZgHqF5LtBkaAwWmXXFxMhAAAAAc"]
[Mon Mar 25 22:18:15.923354 2024] [:error] [pid 2027228] [client 91.215.85.29:54254] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpgAAAAg"]
[Mon Mar 25 22:18:15.923609 2024] [:error] [pid 2027228] [client 91.215.85.29:54254] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpgAAAAg"]
[Mon Mar 25 22:18:15.923830 2024] [:error] [pid 2027228] [client 91.215.85.29:54254] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZgHqF4D7xpu1aVB_6ANFpgAAAAg"]
[Mon Mar 25 22:18:15.930163 2024] [:error] [pid 2025392] [client 91.215.85.29:54276] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSQAAAAM"]
[Mon Mar 25 22:18:15.930629 2024] [:error] [pid 2025392] [client 91.215.85.29:54276] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSQAAAAM"]
[Mon Mar 25 22:18:15.930857 2024] [:error] [pid 2025392] [client 91.215.85.29:54276] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZgHqF9PKUCI6d3b2VZCJSQAAAAM"]
[Mon Mar 25 22:18:15.965908 2024] [:error] [pid 2025394] [client 91.215.85.29:54292] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgw0AAAAAU"]
[Mon Mar 25 22:18:15.966422 2024] [:error] [pid 2025394] [client 91.215.85.29:54292] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgw0AAAAAU"]
[Mon Mar 25 22:18:15.966803 2024] [:error] [pid 2025394] [client 91.215.85.29:54292] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZgHqF9BOsPOWY3hOfBgw0AAAAAU"]
[Mon Mar 25 22:18:15.967323 2024] [:error] [pid 2025390] [client 91.215.85.29:54244] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIwAAAAE"]
[Mon Mar 25 22:18:15.967770 2024] [:error] [pid 2025390] [client 91.215.85.29:54244] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIwAAAAE"]
[Mon Mar 25 22:18:15.968171 2024] [:error] [pid 2025390] [client 91.215.85.29:54244] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZgHqF4IuwaJZiPZ1lzKBIwAAAAE"]
[Mon Mar 25 22:18:15.977306 2024] [:error] [pid 2025393] [client 91.215.85.29:54260] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09XAAAAAQ"]
[Mon Mar 25 22:18:15.977670 2024] [:error] [pid 2025393] [client 91.215.85.29:54260] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09XAAAAAQ"]
[Mon Mar 25 22:18:15.977939 2024] [:error] [pid 2025393] [client 91.215.85.29:54260] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZgHqF0xqzvAhw1tF-y09XAAAAAQ"]
[Mon Mar 25 22:18:15.981668 2024] [:error] [pid 2027220] [client 91.215.85.29:54290] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAQAAAAY"]
[Mon Mar 25 22:18:15.982010 2024] [:error] [pid 2027220] [client 91.215.85.29:54290] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAQAAAAY"]
[Mon Mar 25 22:18:15.982284 2024] [:error] [pid 2027220] [client 91.215.85.29:54290] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZgHqFxEDTPsfUVS202YOAQAAAAY"]
[Mon Mar 25 22:18:16.009702 2024] [:error] [pid 2025391] [client 91.215.85.29:54302] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGQAAAAI"]
[Mon Mar 25 22:18:16.010275 2024] [:error] [pid 2025391] [client 91.215.85.29:54302] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGQAAAAI"]
[Mon Mar 25 22:18:16.010693 2024] [:error] [pid 2025391] [client 91.215.85.29:54302] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGQAAAAI"]
[Mon Mar 25 22:18:16.012202 2024] [:error] [pid 2025389] [client 91.215.85.29:54320] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWgAAAAA"]
[Mon Mar 25 22:18:16.012792 2024] [:error] [pid 2025389] [client 91.215.85.29:54320] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWgAAAAA"]
[Mon Mar 25 22:18:16.013139 2024] [:error] [pid 2025389] [client 91.215.85.29:54320] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWgAAAAA"]
[Mon Mar 25 22:18:16.022666 2024] [:error] [pid 2027224] [client 91.215.85.29:54340] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhQAAAAc"]
[Mon Mar 25 22:18:16.022863 2024] [:error] [pid 2028694] [client 91.215.85.29:54310] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJQAAAAk"]
[Mon Mar 25 22:18:16.022988 2024] [:error] [pid 2027224] [client 91.215.85.29:54340] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhQAAAAc"]
[Mon Mar 25 22:18:16.023236 2024] [:error] [pid 2027224] [client 91.215.85.29:54340] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhQAAAAc"]
[Mon Mar 25 22:18:16.023406 2024] [:error] [pid 2028694] [client 91.215.85.29:54310] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJQAAAAk"]
[Mon Mar 25 22:18:16.023854 2024] [:error] [pid 2028694] [client 91.215.85.29:54310] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJQAAAAk"]
[Mon Mar 25 22:18:16.025343 2024] [:error] [pid 2027228] [client 91.215.85.29:54334] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFpwAAAAg"]
[Mon Mar 25 22:18:16.025625 2024] [:error] [pid 2027228] [client 91.215.85.29:54334] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFpwAAAAg"]
[Mon Mar 25 22:18:16.025841 2024] [:error] [pid 2027228] [client 91.215.85.29:54334] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFpwAAAAg"]
[Mon Mar 25 22:18:16.026807 2024] [:error] [pid 2025392] [client 91.215.85.29:54350] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSgAAAAM"]
[Mon Mar 25 22:18:16.027331 2024] [:error] [pid 2025392] [client 91.215.85.29:54350] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSgAAAAM"]
[Mon Mar 25 22:18:16.027717 2024] [:error] [pid 2025392] [client 91.215.85.29:54350] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSgAAAAM"]
[Mon Mar 25 22:18:16.064979 2024] [:error] [pid 2025394] [client 91.215.85.29:54366] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0QAAAAU"]
[Mon Mar 25 22:18:16.068025 2024] [:error] [pid 2025390] [client 91.215.85.29:54398] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJAAAAAE"]
[Mon Mar 25 22:18:16.068513 2024] [:error] [pid 2025390] [client 91.215.85.29:54398] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJAAAAAE"]
[Mon Mar 25 22:18:16.068770 2024] [:error] [pid 2025394] [client 91.215.85.29:54366] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0QAAAAU"]
[Mon Mar 25 22:18:16.068945 2024] [:error] [pid 2025390] [client 91.215.85.29:54398] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJAAAAAE"]
[Mon Mar 25 22:18:16.069039 2024] [:error] [pid 2025394] [client 91.215.85.29:54366] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0QAAAAU"]
[Mon Mar 25 22:18:16.077683 2024] [:error] [pid 2025393] [client 91.215.85.29:54404] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZgHqGExqzvAhw1tF-y09XQAAAAQ"]
[Mon Mar 25 22:18:16.077925 2024] [:error] [pid 2025393] [client 91.215.85.29:54404] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZgHqGExqzvAhw1tF-y09XQAAAAQ"]
[Mon Mar 25 22:18:16.078087 2024] [:error] [pid 2025393] [client 91.215.85.29:54404] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZgHqGExqzvAhw1tF-y09XQAAAAQ"]
[Mon Mar 25 22:18:16.085213 2024] [:error] [pid 2027220] [client 91.215.85.29:54352] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZgHqGBEDTPsfUVS202YOAgAAAAY"]
[Mon Mar 25 22:18:16.085415 2024] [:error] [pid 2027220] [client 91.215.85.29:54352] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZgHqGBEDTPsfUVS202YOAgAAAAY"]
[Mon Mar 25 22:18:16.085595 2024] [:error] [pid 2027220] [client 91.215.85.29:54352] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZgHqGBEDTPsfUVS202YOAgAAAAY"]
[Mon Mar 25 22:18:16.124121 2024] [:error] [pid 2025392] [client 91.215.85.29:54430] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSwAAAAM"]
[Mon Mar 25 22:18:16.124808 2024] [:error] [pid 2025392] [client 91.215.85.29:54430] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSwAAAAM"]
[Mon Mar 25 22:18:16.126321 2024] [:error] [pid 2025389] [client 91.215.85.29:54400] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWwAAAAA"]
[Mon Mar 25 22:18:16.126676 2024] [:error] [pid 2025389] [client 91.215.85.29:54400] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWwAAAAA"]
[Mon Mar 25 22:18:16.126967 2024] [:error] [pid 2025389] [client 91.215.85.29:54400] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZgHqGLUhH0n0eKl87GcSWwAAAAA"]
[Mon Mar 25 22:18:16.127618 2024] [:error] [pid 2027224] [client 91.215.85.29:54420] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhgAAAAc"]
[Mon Mar 25 22:18:16.128034 2024] [:error] [pid 2027224] [client 91.215.85.29:54420] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhgAAAAc"]
[Mon Mar 25 22:18:16.128296 2024] [:error] [pid 2025391] [client 91.215.85.29:54382] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGgAAAAI"]
[Mon Mar 25 22:18:16.128673 2024] [:error] [pid 2025391] [client 91.215.85.29:54382] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGgAAAAI"]
[Mon Mar 25 22:18:16.128923 2024] [:error] [pid 2025391] [client 91.215.85.29:54382] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZgHqGA7yBQMRBVFeIK9tGgAAAAI"]
[Mon Mar 25 22:18:16.129769 2024] [:error] [pid 2027224] [client 91.215.85.29:54420] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZgHqGJLtBkaAwWmXXFxMhgAAAAc"]
[Mon Mar 25 22:18:16.130549 2024] [:error] [pid 2025392] [client 91.215.85.29:54430] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZgHqGNPKUCI6d3b2VZCJSwAAAAM"]
[Mon Mar 25 22:18:16.130891 2024] [:error] [pid 2027228] [client 91.215.85.29:54446] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFqAAAAAg"]
[Mon Mar 25 22:18:16.131408 2024] [:error] [pid 2027228] [client 91.215.85.29:54446] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFqAAAAAg"]
[Mon Mar 25 22:18:16.131818 2024] [:error] [pid 2027228] [client 91.215.85.29:54446] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZgHqGID7xpu1aVB_6ANFqAAAAAg"]
[Mon Mar 25 22:18:16.132902 2024] [:error] [pid 2028694] [client 91.215.85.29:54438] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJgAAAAk"]
[Mon Mar 25 22:18:16.133084 2024] [:error] [pid 2028694] [client 91.215.85.29:54438] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJgAAAAk"]
[Mon Mar 25 22:18:16.133251 2024] [:error] [pid 2028694] [client 91.215.85.29:54438] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZgHqGOCYinOrL-HIbyGCJgAAAAk"]
[Mon Mar 25 22:18:16.164824 2024] [:error] [pid 2025394] [client 91.215.85.29:54460] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0gAAAAU"]
[Mon Mar 25 22:18:16.165078 2024] [:error] [pid 2025394] [client 91.215.85.29:54460] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0gAAAAU"]
[Mon Mar 25 22:18:16.165255 2024] [:error] [pid 2025394] [client 91.215.85.29:54460] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZgHqGNBOsPOWY3hOfBgw0gAAAAU"]
[Mon Mar 25 22:18:16.165256 2024] [:error] [pid 2025390] [client 91.215.85.29:54454] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJQAAAAE"]
[Mon Mar 25 22:18:16.165747 2024] [:error] [pid 2025390] [client 91.215.85.29:54454] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJQAAAAE"]
[Mon Mar 25 22:18:16.166149 2024] [:error] [pid 2025390] [client 91.215.85.29:54454] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZgHqGIIuwaJZiPZ1lzKBJQAAAAE"]
[Wed Apr 03 09:03:54.883431 2024] [:error] [pid 2230843] [client 91.215.85.29:53052] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zgz_Wu0iJ8o9USv49PhhAgAAAA0"]
[Wed Apr 03 09:03:54.885583 2024] [:error] [pid 2230843] [client 91.215.85.29:53052] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zgz_Wu0iJ8o9USv49PhhAgAAAA0"]
[Wed Apr 03 09:03:54.886031 2024] [:error] [pid 2230843] [client 91.215.85.29:53052] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zgz_Wu0iJ8o9USv49PhhAgAAAA0"]
[Wed Apr 03 09:03:54.891400 2024] [:error] [pid 2230835] [client 91.215.85.29:53064] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zgz_WgFxYREdOVJ32pclVwAAAAY"]
[Wed Apr 03 09:03:54.891857 2024] [:error] [pid 2230835] [client 91.215.85.29:53064] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zgz_WgFxYREdOVJ32pclVwAAAAY"]
[Wed Apr 03 09:03:54.892112 2024] [:error] [pid 2230835] [client 91.215.85.29:53064] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zgz_WgFxYREdOVJ32pclVwAAAAY"]
[Wed Apr 03 09:03:54.903064 2024] [:error] [pid 2230840] [client 91.215.85.29:53072] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zgz_WjTnKRItLao_rhnEPAAAAAo"]
[Wed Apr 03 09:03:54.903621 2024] [:error] [pid 2230840] [client 91.215.85.29:53072] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zgz_WjTnKRItLao_rhnEPAAAAAo"]
[Wed Apr 03 09:03:54.904028 2024] [:error] [pid 2230840] [client 91.215.85.29:53072] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zgz_WjTnKRItLao_rhnEPAAAAAo"]
[Wed Apr 03 09:03:54.918231 2024] [:error] [pid 2230841] [client 91.215.85.29:53074] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zgz_WpTjQsDtbajOrGwvjQAAAAs"]
[Wed Apr 03 09:03:54.918797 2024] [:error] [pid 2230841] [client 91.215.85.29:53074] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zgz_WpTjQsDtbajOrGwvjQAAAAs"]
[Wed Apr 03 09:03:54.920888 2024] [:error] [pid 2230841] [client 91.215.85.29:53074] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zgz_WpTjQsDtbajOrGwvjQAAAAs"]
[Wed Apr 03 09:03:54.938808 2024] [:error] [pid 2228853] [client 91.215.85.29:53090] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zgz_WggFjuP0VcLbM5tQdAAAAAU"]
[Wed Apr 03 09:03:54.939543 2024] [:error] [pid 2228853] [client 91.215.85.29:53090] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zgz_WggFjuP0VcLbM5tQdAAAAAU"]
[Wed Apr 03 09:03:54.939964 2024] [:error] [pid 2228853] [client 91.215.85.29:53090] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zgz_WggFjuP0VcLbM5tQdAAAAAU"]
[Wed Apr 03 09:03:54.948794 2024] [:error] [pid 2228852] [client 91.215.85.29:53100] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zgz_Wg-iKLEE0C6YcDZSxgAAAAQ"]
[Wed Apr 03 09:03:54.949240 2024] [:error] [pid 2228852] [client 91.215.85.29:53100] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zgz_Wg-iKLEE0C6YcDZSxgAAAAQ"]
[Wed Apr 03 09:03:54.949683 2024] [:error] [pid 2228852] [client 91.215.85.29:53100] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zgz_Wg-iKLEE0C6YcDZSxgAAAAQ"]
[Wed Apr 03 09:03:54.959766 2024] [:error] [pid 2230842] [client 91.215.85.29:53104] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zgz_WtbzVbhphexfEPwWBwAAAAw"]
[Wed Apr 03 09:03:54.960295 2024] [:error] [pid 2230842] [client 91.215.85.29:53104] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zgz_WtbzVbhphexfEPwWBwAAAAw"]
[Wed Apr 03 09:03:54.960779 2024] [:error] [pid 2230842] [client 91.215.85.29:53104] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zgz_WtbzVbhphexfEPwWBwAAAAw"]
[Wed Apr 03 09:03:54.970329 2024] [:error] [pid 2228850] [client 91.215.85.29:53126] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zgz_WkL5fnNG-RUF8dnHGgAAAAI"]
[Wed Apr 03 09:03:54.970701 2024] [:error] [pid 2228850] [client 91.215.85.29:53126] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zgz_WkL5fnNG-RUF8dnHGgAAAAI"]
[Wed Apr 03 09:03:54.971009 2024] [:error] [pid 2228850] [client 91.215.85.29:53126] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zgz_WkL5fnNG-RUF8dnHGgAAAAI"]
[Wed Apr 03 09:03:54.974986 2024] [:error] [pid 2228849] [client 91.215.85.29:53118] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zgz_WrxBoV88e0MwmeBjIAAAAAE"]
[Wed Apr 03 09:03:54.975558 2024] [:error] [pid 2228849] [client 91.215.85.29:53118] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zgz_WrxBoV88e0MwmeBjIAAAAAE"]
[Wed Apr 03 09:03:54.976015 2024] [:error] [pid 2228849] [client 91.215.85.29:53118] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zgz_WrxBoV88e0MwmeBjIAAAAAE"]
[Wed Apr 03 09:03:55.032877 2024] [:error] [pid 2230843] [client 91.215.85.29:53154] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhAwAAAA0"]
[Wed Apr 03 09:03:55.033505 2024] [:error] [pid 2230843] [client 91.215.85.29:53154] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhAwAAAA0"]
[Wed Apr 03 09:03:55.033906 2024] [:error] [pid 2230843] [client 91.215.85.29:53154] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhAwAAAA0"]
[Wed Apr 03 09:03:55.037699 2024] [:error] [pid 2230835] [client 91.215.85.29:53170] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWAAAAAY"]
[Wed Apr 03 09:03:55.038321 2024] [:error] [pid 2230835] [client 91.215.85.29:53170] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWAAAAAY"]
[Wed Apr 03 09:03:55.038772 2024] [:error] [pid 2230835] [client 91.215.85.29:53170] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWAAAAAY"]
[Wed Apr 03 09:03:55.040383 2024] [:error] [pid 2228848] [client 91.215.85.29:53138] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45QAAAAA"]
[Wed Apr 03 09:03:55.040878 2024] [:error] [pid 2228848] [client 91.215.85.29:53138] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45QAAAAA"]
[Wed Apr 03 09:03:55.041243 2024] [:error] [pid 2228848] [client 91.215.85.29:53138] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45QAAAAA"]
[Wed Apr 03 09:03:55.043824 2024] [:error] [pid 2230840] [client 91.215.85.29:53142] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPQAAAAo"]
[Wed Apr 03 09:03:55.044108 2024] [:error] [pid 2230840] [client 91.215.85.29:53142] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPQAAAAo"]
[Wed Apr 03 09:03:55.044284 2024] [:error] [pid 2230840] [client 91.215.85.29:53142] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPQAAAAo"]
[Wed Apr 03 09:03:55.061600 2024] [:error] [pid 2228853] [client 91.215.85.29:53192] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdQAAAAU"]
[Wed Apr 03 09:03:55.061818 2024] [:error] [pid 2230841] [client 91.215.85.29:53184] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjgAAAAs"]
[Wed Apr 03 09:03:55.061940 2024] [:error] [pid 2228853] [client 91.215.85.29:53192] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdQAAAAU"]
[Wed Apr 03 09:03:55.062165 2024] [:error] [pid 2228853] [client 91.215.85.29:53192] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdQAAAAU"]
[Wed Apr 03 09:03:55.062356 2024] [:error] [pid 2230841] [client 91.215.85.29:53184] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjgAAAAs"]
[Wed Apr 03 09:03:55.062785 2024] [:error] [pid 2230841] [client 91.215.85.29:53184] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjgAAAAs"]
[Wed Apr 03 09:03:55.071137 2024] [:error] [pid 2228852] [client 91.215.85.29:53218] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSxwAAAAQ"]
[Wed Apr 03 09:03:55.071570 2024] [:error] [pid 2228852] [client 91.215.85.29:53218] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSxwAAAAQ"]
[Wed Apr 03 09:03:55.071909 2024] [:error] [pid 2228852] [client 91.215.85.29:53218] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSxwAAAAQ"]
[Wed Apr 03 09:03:55.077625 2024] [:error] [pid 2230842] [client 91.215.85.29:53202] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCAAAAAw"]
[Wed Apr 03 09:03:55.078086 2024] [:error] [pid 2230842] [client 91.215.85.29:53202] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCAAAAAw"]
[Wed Apr 03 09:03:55.078478 2024] [:error] [pid 2230842] [client 91.215.85.29:53202] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCAAAAAw"]
[Wed Apr 03 09:03:55.090588 2024] [:error] [pid 2228850] [client 91.215.85.29:53224] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHGwAAAAI"]
[Wed Apr 03 09:03:55.091063 2024] [:error] [pid 2228850] [client 91.215.85.29:53224] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHGwAAAAI"]
[Wed Apr 03 09:03:55.091368 2024] [:error] [pid 2228850] [client 91.215.85.29:53224] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHGwAAAAI"]
[Wed Apr 03 09:03:55.094844 2024] [:error] [pid 2228849] [client 91.215.85.29:53232] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIQAAAAE"]
[Wed Apr 03 09:03:55.095328 2024] [:error] [pid 2228849] [client 91.215.85.29:53232] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIQAAAAE"]
[Wed Apr 03 09:03:55.095711 2024] [:error] [pid 2228849] [client 91.215.85.29:53232] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIQAAAAE"]
[Wed Apr 03 09:03:55.129759 2024] [:error] [pid 2230843] [client 91.215.85.29:53238] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBAAAAA0"]
[Wed Apr 03 09:03:55.130311 2024] [:error] [pid 2230843] [client 91.215.85.29:53238] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBAAAAA0"]
[Wed Apr 03 09:03:55.130760 2024] [:error] [pid 2230843] [client 91.215.85.29:53238] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBAAAAA0"]
[Wed Apr 03 09:03:55.134776 2024] [:error] [pid 2230835] [client 91.215.85.29:53248] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWQAAAAY"]
[Wed Apr 03 09:03:55.135064 2024] [:error] [pid 2230835] [client 91.215.85.29:53248] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWQAAAAY"]
[Wed Apr 03 09:03:55.135294 2024] [:error] [pid 2230835] [client 91.215.85.29:53248] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWQAAAAY"]
[Wed Apr 03 09:03:55.139047 2024] [:error] [pid 2228848] [client 91.215.85.29:53272] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45gAAAAA"]
[Wed Apr 03 09:03:55.139307 2024] [:error] [pid 2228848] [client 91.215.85.29:53272] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45gAAAAA"]
[Wed Apr 03 09:03:55.139524 2024] [:error] [pid 2228848] [client 91.215.85.29:53272] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45gAAAAA"]
[Wed Apr 03 09:03:55.148001 2024] [:error] [pid 2230840] [client 91.215.85.29:53262] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPgAAAAo"]
[Wed Apr 03 09:03:55.148603 2024] [:error] [pid 2230840] [client 91.215.85.29:53262] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPgAAAAo"]
[Wed Apr 03 09:03:55.148997 2024] [:error] [pid 2230840] [client 91.215.85.29:53262] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPgAAAAo"]
[Wed Apr 03 09:03:55.161972 2024] [:error] [pid 2228853] [client 91.215.85.29:53276] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdgAAAAU"]
[Wed Apr 03 09:03:55.162414 2024] [:error] [pid 2228853] [client 91.215.85.29:53276] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdgAAAAU"]
[Wed Apr 03 09:03:55.162742 2024] [:error] [pid 2228853] [client 91.215.85.29:53276] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdgAAAAU"]
[Wed Apr 03 09:03:55.164888 2024] [:error] [pid 2230841] [client 91.215.85.29:53282] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjwAAAAs"]
[Wed Apr 03 09:03:55.165118 2024] [:error] [pid 2230841] [client 91.215.85.29:53282] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjwAAAAs"]
[Wed Apr 03 09:03:55.165351 2024] [:error] [pid 2230841] [client 91.215.85.29:53282] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvjwAAAAs"]
[Wed Apr 03 09:03:55.189224 2024] [:error] [pid 2228852] [client 91.215.85.29:53292] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyAAAAAQ"]
[Wed Apr 03 09:03:55.189644 2024] [:error] [pid 2228852] [client 91.215.85.29:53292] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyAAAAAQ"]
[Wed Apr 03 09:03:55.189953 2024] [:error] [pid 2228852] [client 91.215.85.29:53292] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyAAAAAQ"]
[Wed Apr 03 09:03:55.195280 2024] [:error] [pid 2230842] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCQAAAAw"]
[Wed Apr 03 09:03:55.196002 2024] [:error] [pid 2230842] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCQAAAAw"]
[Wed Apr 03 09:03:55.196411 2024] [:error] [pid 2230842] [client 91.215.85.29:53302] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCQAAAAw"]
[Wed Apr 03 09:03:55.197159 2024] [:error] [pid 2228849] [client 91.215.85.29:53316] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIgAAAAE"]
[Wed Apr 03 09:03:55.197563 2024] [:error] [pid 2228849] [client 91.215.85.29:53316] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIgAAAAE"]
[Wed Apr 03 09:03:55.197810 2024] [:error] [pid 2228849] [client 91.215.85.29:53316] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIgAAAAE"]
[Wed Apr 03 09:03:55.200622 2024] [:error] [pid 2228850] [client 91.215.85.29:53312] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHAAAAAI"]
[Wed Apr 03 09:03:55.201177 2024] [:error] [pid 2228850] [client 91.215.85.29:53312] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHAAAAAI"]
[Wed Apr 03 09:03:55.201591 2024] [:error] [pid 2228850] [client 91.215.85.29:53312] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHAAAAAI"]
[Wed Apr 03 09:03:55.230451 2024] [:error] [pid 2230843] [client 91.215.85.29:53324] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBQAAAA0"]
[Wed Apr 03 09:03:55.231036 2024] [:error] [pid 2230843] [client 91.215.85.29:53324] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBQAAAA0"]
[Wed Apr 03 09:03:55.231524 2024] [:error] [pid 2230843] [client 91.215.85.29:53324] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBQAAAA0"]
[Wed Apr 03 09:03:55.234246 2024] [:error] [pid 2230835] [client 91.215.85.29:53330] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWgAAAAY"]
[Wed Apr 03 09:03:55.234754 2024] [:error] [pid 2230835] [client 91.215.85.29:53330] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWgAAAAY"]
[Wed Apr 03 09:03:55.235211 2024] [:error] [pid 2230835] [client 91.215.85.29:53330] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWgAAAAY"]
[Wed Apr 03 09:03:55.237091 2024] [:error] [pid 2228848] [client 91.215.85.29:53344] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45wAAAAA"]
[Wed Apr 03 09:03:55.237313 2024] [:error] [pid 2228848] [client 91.215.85.29:53344] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45wAAAAA"]
[Wed Apr 03 09:03:55.237483 2024] [:error] [pid 2228848] [client 91.215.85.29:53344] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ45wAAAAA"]
[Wed Apr 03 09:03:55.249436 2024] [:error] [pid 2230840] [client 91.215.85.29:53358] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPwAAAAo"]
[Wed Apr 03 09:03:55.249746 2024] [:error] [pid 2230840] [client 91.215.85.29:53358] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPwAAAAo"]
[Wed Apr 03 09:03:55.249982 2024] [:error] [pid 2230840] [client 91.215.85.29:53358] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEPwAAAAo"]
[Wed Apr 03 09:03:55.265786 2024] [:error] [pid 2228853] [client 91.215.85.29:53370] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdwAAAAU"]
[Wed Apr 03 09:03:55.266226 2024] [:error] [pid 2228853] [client 91.215.85.29:53370] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdwAAAAU"]
[Wed Apr 03 09:03:55.266461 2024] [:error] [pid 2228853] [client 91.215.85.29:53370] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQdwAAAAU"]
[Wed Apr 03 09:03:55.267943 2024] [:error] [pid 2230841] [client 91.215.85.29:53378] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkAAAAAs"]
[Wed Apr 03 09:03:55.268380 2024] [:error] [pid 2230841] [client 91.215.85.29:53378] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkAAAAAs"]
[Wed Apr 03 09:03:55.268748 2024] [:error] [pid 2230841] [client 91.215.85.29:53378] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkAAAAAs"]
[Wed Apr 03 09:03:55.290302 2024] [:error] [pid 2228852] [client 91.215.85.29:53384] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /includes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyQAAAAQ"]
[Wed Apr 03 09:03:55.290877 2024] [:error] [pid 2228852] [client 91.215.85.29:53384] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyQAAAAQ"]
[Wed Apr 03 09:03:55.291307 2024] [:error] [pid 2228852] [client 91.215.85.29:53384] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSyQAAAAQ"]
[Wed Apr 03 09:03:55.295527 2024] [:error] [pid 2230842] [client 91.215.85.29:53406] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCgAAAAw"]
[Wed Apr 03 09:03:55.296935 2024] [:error] [pid 2230842] [client 91.215.85.29:53406] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCgAAAAw"]
[Wed Apr 03 09:03:55.297217 2024] [:error] [pid 2230842] [client 91.215.85.29:53406] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCgAAAAw"]
[Wed Apr 03 09:03:55.298260 2024] [:error] [pid 2234703] [client 91.215.85.29:53380] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCQAAAAM"]
[Wed Apr 03 09:03:55.298599 2024] [:error] [pid 2234703] [client 91.215.85.29:53380] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCQAAAAM"]
[Wed Apr 03 09:03:55.298862 2024] [:error] [pid 2234703] [client 91.215.85.29:53380] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCQAAAAM"]
[Wed Apr 03 09:03:55.301075 2024] [:error] [pid 2228849] [client 91.215.85.29:53398] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIwAAAAE"]
[Wed Apr 03 09:03:55.301374 2024] [:error] [pid 2228849] [client 91.215.85.29:53398] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIwAAAAE"]
[Wed Apr 03 09:03:55.301609 2024] [:error] [pid 2228849] [client 91.215.85.29:53398] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjIwAAAAE"]
[Wed Apr 03 09:03:55.304301 2024] [:error] [pid 2228850] [client 91.215.85.29:53408] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHQAAAAI"]
[Wed Apr 03 09:03:55.304617 2024] [:error] [pid 2228850] [client 91.215.85.29:53408] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHQAAAAI"]
[Wed Apr 03 09:03:55.304840 2024] [:error] [pid 2228850] [client 91.215.85.29:53408] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHQAAAAI"]
[Wed Apr 03 09:03:55.331810 2024] [:error] [pid 2230835] [client 91.215.85.29:53410] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWwAAAAY"]
[Wed Apr 03 09:03:55.332141 2024] [:error] [pid 2230835] [client 91.215.85.29:53410] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWwAAAAY"]
[Wed Apr 03 09:03:55.332391 2024] [:error] [pid 2230835] [client 91.215.85.29:53410] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclWwAAAAY"]
[Wed Apr 03 09:03:55.336192 2024] [:error] [pid 2230843] [client 91.215.85.29:53424] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBgAAAA0"]
[Wed Apr 03 09:03:55.336951 2024] [:error] [pid 2230843] [client 91.215.85.29:53424] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBgAAAA0"]
[Wed Apr 03 09:03:55.338692 2024] [:error] [pid 2230843] [client 91.215.85.29:53424] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBgAAAA0"]
[Wed Apr 03 09:03:55.341833 2024] [:error] [pid 2228848] [client 91.215.85.29:53426] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46AAAAAA"]
[Wed Apr 03 09:03:55.342365 2024] [:error] [pid 2228848] [client 91.215.85.29:53426] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46AAAAAA"]
[Wed Apr 03 09:03:55.342762 2024] [:error] [pid 2228848] [client 91.215.85.29:53426] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46AAAAAA"]
[Wed Apr 03 09:03:55.349773 2024] [:error] [pid 2230840] [client 91.215.85.29:53428] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQAAAAAo"]
[Wed Apr 03 09:03:55.350179 2024] [:error] [pid 2230840] [client 91.215.85.29:53428] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQAAAAAo"]
[Wed Apr 03 09:03:55.350538 2024] [:error] [pid 2230840] [client 91.215.85.29:53428] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQAAAAAo"]
[Wed Apr 03 09:03:55.370082 2024] [:error] [pid 2228853] [client 91.215.85.29:53434] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeAAAAAU"]
[Wed Apr 03 09:03:55.370529 2024] [:error] [pid 2228853] [client 91.215.85.29:53434] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeAAAAAU"]
[Wed Apr 03 09:03:55.370862 2024] [:error] [pid 2228853] [client 91.215.85.29:53434] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeAAAAAU"]
[Wed Apr 03 09:03:55.374258 2024] [:error] [pid 2230841] [client 91.215.85.29:53440] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkQAAAAs"]
[Wed Apr 03 09:03:55.374745 2024] [:error] [pid 2230841] [client 91.215.85.29:53440] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkQAAAAs"]
[Wed Apr 03 09:03:55.375137 2024] [:error] [pid 2230841] [client 91.215.85.29:53440] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkQAAAAs"]
[Wed Apr 03 09:03:55.392389 2024] [:error] [pid 2228852] [client 91.215.85.29:53446] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSygAAAAQ"]
[Wed Apr 03 09:03:55.392983 2024] [:error] [pid 2228852] [client 91.215.85.29:53446] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSygAAAAQ"]
[Wed Apr 03 09:03:55.394544 2024] [:error] [pid 2228852] [client 91.215.85.29:53446] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSygAAAAQ"]
[Wed Apr 03 09:03:55.394697 2024] [:error] [pid 2230842] [client 91.215.85.29:53462] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCwAAAAw"]
[Wed Apr 03 09:03:55.395328 2024] [:error] [pid 2230842] [client 91.215.85.29:53462] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCwAAAAw"]
[Wed Apr 03 09:03:55.395809 2024] [:error] [pid 2230842] [client 91.215.85.29:53462] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWCwAAAAw"]
[Wed Apr 03 09:03:55.399791 2024] [:error] [pid 2228849] [client 91.215.85.29:53482] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJAAAAAE"]
[Wed Apr 03 09:03:55.400191 2024] [:error] [pid 2228849] [client 91.215.85.29:53482] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJAAAAAE"]
[Wed Apr 03 09:03:55.400442 2024] [:error] [pid 2228849] [client 91.215.85.29:53482] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJAAAAAE"]
[Wed Apr 03 09:03:55.401857 2024] [:error] [pid 2234703] [client 91.215.85.29:53470] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCgAAAAM"]
[Wed Apr 03 09:03:55.402182 2024] [:error] [pid 2234703] [client 91.215.85.29:53470] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCgAAAAM"]
[Wed Apr 03 09:03:55.402432 2024] [:error] [pid 2234703] [client 91.215.85.29:53470] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCgAAAAM"]
[Wed Apr 03 09:03:55.409197 2024] [:error] [pid 2228850] [client 91.215.85.29:53486] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHgAAAAI"]
[Wed Apr 03 09:03:55.409535 2024] [:error] [pid 2228850] [client 91.215.85.29:53486] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHgAAAAI"]
[Wed Apr 03 09:03:55.409833 2024] [:error] [pid 2228850] [client 91.215.85.29:53486] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHgAAAAI"]
[Wed Apr 03 09:03:55.427120 2024] [:error] [pid 2230835] [client 91.215.85.29:53500] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXAAAAAY"]
[Wed Apr 03 09:03:55.427484 2024] [:error] [pid 2230835] [client 91.215.85.29:53500] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXAAAAAY"]
[Wed Apr 03 09:03:55.427794 2024] [:error] [pid 2230835] [client 91.215.85.29:53500] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXAAAAAY"]
[Wed Apr 03 09:03:55.438870 2024] [:error] [pid 2230843] [client 91.215.85.29:53504] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBwAAAA0"]
[Wed Apr 03 09:03:55.439417 2024] [:error] [pid 2230843] [client 91.215.85.29:53504] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBwAAAA0"]
[Wed Apr 03 09:03:55.439821 2024] [:error] [pid 2230843] [client 91.215.85.29:53504] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhBwAAAA0"]
[Wed Apr 03 09:03:55.443593 2024] [:error] [pid 2228848] [client 91.215.85.29:53518] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46QAAAAA"]
[Wed Apr 03 09:03:55.444073 2024] [:error] [pid 2228848] [client 91.215.85.29:53518] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46QAAAAA"]
[Wed Apr 03 09:03:55.444458 2024] [:error] [pid 2228848] [client 91.215.85.29:53518] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46QAAAAA"]
[Wed Apr 03 09:03:55.449715 2024] [:error] [pid 2230840] [client 91.215.85.29:53540] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQQAAAAo"]
[Wed Apr 03 09:03:55.450111 2024] [:error] [pid 2230840] [client 91.215.85.29:53540] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQQAAAAo"]
[Wed Apr 03 09:03:55.450466 2024] [:error] [pid 2230840] [client 91.215.85.29:53540] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQQAAAAo"]
[Wed Apr 03 09:03:55.475593 2024] [:error] [pid 2228853] [client 91.215.85.29:53526] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeQAAAAU"]
[Wed Apr 03 09:03:55.476089 2024] [:error] [pid 2230841] [client 91.215.85.29:53552] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkgAAAAs"]
[Wed Apr 03 09:03:55.476114 2024] [:error] [pid 2228853] [client 91.215.85.29:53526] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeQAAAAU"]
[Wed Apr 03 09:03:55.476565 2024] [:error] [pid 2228853] [client 91.215.85.29:53526] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQeQAAAAU"]
[Wed Apr 03 09:03:55.476695 2024] [:error] [pid 2230841] [client 91.215.85.29:53552] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkgAAAAs"]
[Wed Apr 03 09:03:55.477137 2024] [:error] [pid 2230841] [client 91.215.85.29:53552] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkgAAAAs"]
[Wed Apr 03 09:03:55.497683 2024] [:error] [pid 2228852] [client 91.215.85.29:53568] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSywAAAAQ"]
[Wed Apr 03 09:03:55.498315 2024] [:error] [pid 2228852] [client 91.215.85.29:53568] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSywAAAAQ"]
[Wed Apr 03 09:03:55.498737 2024] [:error] [pid 2228852] [client 91.215.85.29:53568] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zgz_Ww-iKLEE0C6YcDZSywAAAAQ"]
[Wed Apr 03 09:03:55.501181 2024] [:error] [pid 2228849] [client 91.215.85.29:53554] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJQAAAAE"]
[Wed Apr 03 09:03:55.501487 2024] [:error] [pid 2230842] [client 91.215.85.29:53542] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWDAAAAAw"]
[Wed Apr 03 09:03:55.501889 2024] [:error] [pid 2230842] [client 91.215.85.29:53542] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWDAAAAAw"]
[Wed Apr 03 09:03:55.501934 2024] [:error] [pid 2228849] [client 91.215.85.29:53554] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJQAAAAE"]
[Wed Apr 03 09:03:55.502170 2024] [:error] [pid 2230842] [client 91.215.85.29:53542] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zgz_W9bzVbhphexfEPwWDAAAAAw"]
[Wed Apr 03 09:03:55.502390 2024] [:error] [pid 2228849] [client 91.215.85.29:53554] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zgz_W7xBoV88e0MwmeBjJQAAAAE"]
[Wed Apr 03 09:03:55.503462 2024] [:error] [pid 2234703] [client 91.215.85.29:53584] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCwAAAAM"]
[Wed Apr 03 09:03:55.503801 2024] [:error] [pid 2234703] [client 91.215.85.29:53584] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCwAAAAM"]
[Wed Apr 03 09:03:55.504083 2024] [:error] [pid 2234703] [client 91.215.85.29:53584] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zgz_W8Qkj7Byu4QbeJvJCwAAAAM"]
[Wed Apr 03 09:03:55.514188 2024] [:error] [pid 2228850] [client 91.215.85.29:53580] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHwAAAAI"]
[Wed Apr 03 09:03:55.514403 2024] [:error] [pid 2228850] [client 91.215.85.29:53580] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHwAAAAI"]
[Wed Apr 03 09:03:55.514577 2024] [:error] [pid 2228850] [client 91.215.85.29:53580] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zgz_W0L5fnNG-RUF8dnHHwAAAAI"]
[Wed Apr 03 09:03:55.527301 2024] [:error] [pid 2230835] [client 91.215.85.29:53596] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXQAAAAY"]
[Wed Apr 03 09:03:55.527590 2024] [:error] [pid 2230835] [client 91.215.85.29:53596] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXQAAAAY"]
[Wed Apr 03 09:03:55.527815 2024] [:error] [pid 2230835] [client 91.215.85.29:53596] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zgz_WwFxYREdOVJ32pclXQAAAAY"]
[Wed Apr 03 09:03:55.535096 2024] [:error] [pid 2230843] [client 91.215.85.29:53608] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhCAAAAA0"]
[Wed Apr 03 09:03:55.535423 2024] [:error] [pid 2230843] [client 91.215.85.29:53608] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhCAAAAA0"]
[Wed Apr 03 09:03:55.535702 2024] [:error] [pid 2230843] [client 91.215.85.29:53608] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zgz_W-0iJ8o9USv49PhhCAAAAA0"]
[Wed Apr 03 09:03:55.544833 2024] [:error] [pid 2228848] [client 91.215.85.29:53612] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46gAAAAA"]
[Wed Apr 03 09:03:55.545357 2024] [:error] [pid 2228848] [client 91.215.85.29:53612] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46gAAAAA"]
[Wed Apr 03 09:03:55.545795 2024] [:error] [pid 2228848] [client 91.215.85.29:53612] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zgz_W47f3rgtRC4ZUcZ46gAAAAA"]
[Wed Apr 03 09:03:55.549764 2024] [:error] [pid 2230840] [client 91.215.85.29:53624] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQgAAAAo"]
[Wed Apr 03 09:03:55.550327 2024] [:error] [pid 2230840] [client 91.215.85.29:53624] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQgAAAAo"]
[Wed Apr 03 09:03:55.550710 2024] [:error] [pid 2230840] [client 91.215.85.29:53624] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zgz_WzTnKRItLao_rhnEQgAAAAo"]
[Wed Apr 03 09:03:55.577604 2024] [:error] [pid 2230841] [client 91.215.85.29:53622] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkwAAAAs"]
[Wed Apr 03 09:03:55.578011 2024] [:error] [pid 2230841] [client 91.215.85.29:53622] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkwAAAAs"]
[Wed Apr 03 09:03:55.578451 2024] [:error] [pid 2230841] [client 91.215.85.29:53622] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zgz_W5TjQsDtbajOrGwvkwAAAAs"]
[Wed Apr 03 09:03:55.582613 2024] [:error] [pid 2228853] [client 91.215.85.29:53638] [client 91.215.85.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQegAAAAU"]
[Wed Apr 03 09:03:55.583309 2024] [:error] [pid 2228853] [client 91.215.85.29:53638] [client 91.215.85.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQegAAAAU"]
[Wed Apr 03 09:03:55.583719 2024] [:error] [pid 2228853] [client 91.215.85.29:53638] [client 91.215.85.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zgz_WwgFjuP0VcLbM5tQegAAAAU"]
[Wed Apr 03 12:47:47.898847 2024] [:error] [pid 2228850] [client 31.220.0.86:42016] [client 31.220.0.86] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zg0z00L5fnNG-RUF8dnHKAAAAAI"]
[Wed Apr 03 12:47:47.901610 2024] [:error] [pid 2228850] [client 31.220.0.86:42016] [client 31.220.0.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zg0z00L5fnNG-RUF8dnHKAAAAAI"]
[Wed Apr 03 12:47:47.902118 2024] [:error] [pid 2228850] [client 31.220.0.86:42016] [client 31.220.0.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zg0z00L5fnNG-RUF8dnHKAAAAAI"]
[Mon Apr 15 03:22:06.645871 2024] [:error] [pid 2512697] [client 193.32.162.99:38216] [client 193.32.162.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBPoz4Btj1NyCBPQ2V9QAAAAM"]
[Mon Apr 15 03:22:06.647645 2024] [:error] [pid 2512697] [client 193.32.162.99:38216] [client 193.32.162.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBPoz4Btj1NyCBPQ2V9QAAAAM"]
[Mon Apr 15 03:22:06.648078 2024] [:error] [pid 2512697] [client 193.32.162.99:38216] [client 193.32.162.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBPoz4Btj1NyCBPQ2V9QAAAAM"]
[Mon Apr 15 03:22:36.344587 2024] [:error] [pid 2512700] [client 193.32.162.99:58332] [client 193.32.162.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBXEX_-bbOns11yN_NJgAAAAU"]
[Mon Apr 15 03:22:36.344983 2024] [:error] [pid 2512700] [client 193.32.162.99:58332] [client 193.32.162.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBXEX_-bbOns11yN_NJgAAAAU"]
[Mon Apr 15 03:22:36.345202 2024] [:error] [pid 2512700] [client 193.32.162.99:58332] [client 193.32.162.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBXEX_-bbOns11yN_NJgAAAAU"]
[Mon Apr 15 03:24:06.862940 2024] [:error] [pid 2512696] [client 193.32.162.99:45248] [client 193.32.162.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBts1riTFR-1z3d9TIpwAAAAI"]
[Mon Apr 15 03:24:06.863660 2024] [:error] [pid 2512696] [client 193.32.162.99:45248] [client 193.32.162.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBts1riTFR-1z3d9TIpwAAAAI"]
[Mon Apr 15 03:24:06.864077 2024] [:error] [pid 2512696] [client 193.32.162.99:45248] [client 193.32.162.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZhyBts1riTFR-1z3d9TIpwAAAAI"]
[Sun Apr 28 02:44:41.660385 2024] [:error] [pid 2825336] [client 193.32.162.87:37092] [client 193.32.162.87] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zi2b-eGQtXfUAjvN2jkRNAAAAAE"]
[Sun Apr 28 02:44:41.663385 2024] [:error] [pid 2825336] [client 193.32.162.87:37092] [client 193.32.162.87] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zi2b-eGQtXfUAjvN2jkRNAAAAAE"]
[Sun Apr 28 02:44:41.663844 2024] [:error] [pid 2825336] [client 193.32.162.87:37092] [client 193.32.162.87] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zi2b-eGQtXfUAjvN2jkRNAAAAAE"]
[Fri May 03 07:07:52.362511 2024] [authz_core:error] [pid 2944837] [client 172.105.16.117:46390] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Fri May 03 07:07:53.511551 2024] [:error] [pid 2944867] [client 172.105.16.117:46428] [client 172.105.16.117] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZjRxKUZ5LM8Gqa8yc_5KRQAAAAg"]
[Fri May 03 07:07:53.512101 2024] [:error] [pid 2944867] [client 172.105.16.117:46428] [client 172.105.16.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZjRxKUZ5LM8Gqa8yc_5KRQAAAAg"]
[Fri May 03 07:07:53.512515 2024] [:error] [pid 2944867] [client 172.105.16.117:46428] [client 172.105.16.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZjRxKUZ5LM8Gqa8yc_5KRQAAAAg"]
[Fri May 03 07:07:53.872699 2024] [:error] [pid 2944865] [client 172.105.16.117:46434] [client 172.105.16.117] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjRxKbN1lLNT9IB1Z7O2TQAAAAY"]
[Fri May 03 07:07:53.873279 2024] [:error] [pid 2944865] [client 172.105.16.117:46434] [client 172.105.16.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjRxKbN1lLNT9IB1Z7O2TQAAAAY"]
[Fri May 03 07:07:53.873726 2024] [:error] [pid 2944865] [client 172.105.16.117:46434] [client 172.105.16.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjRxKbN1lLNT9IB1Z7O2TQAAAAY"]
[Fri May 03 07:07:54.232933 2024] [:error] [pid 2944840] [client 172.105.16.117:46442] [client 172.105.16.117] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjRxKiWTM25QgFluSGoGegAAAAQ"]
[Fri May 03 07:07:54.233434 2024] [:error] [pid 2944840] [client 172.105.16.117:46442] [client 172.105.16.117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjRxKiWTM25QgFluSGoGegAAAAQ"]
[Fri May 03 07:07:54.233881 2024] [:error] [pid 2944840] [client 172.105.16.117:46442] [client 172.105.16.117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjRxKiWTM25QgFluSGoGegAAAAQ"]
[Fri May 03 13:51:31.691687 2024] [:error] [pid 2944838] [client 213.232.87.232:34129] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZjTPw39OzR2QKo92BH0MeAAAAAI"]
[Fri May 03 13:51:31.694290 2024] [:error] [pid 2944838] [client 213.232.87.232:34129] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZjTPw39OzR2QKo92BH0MeAAAAAI"]
[Fri May 03 13:51:31.694832 2024] [:error] [pid 2944838] [client 213.232.87.232:34129] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZjTPw39OzR2QKo92BH0MeAAAAAI"]
[Fri May 03 13:51:31.695098 2024] [:error] [pid 2944985] [client 213.232.87.232:17257] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZjTPww3NEX3VPGDEuIlI6AAAAAM"]
[Fri May 03 13:51:31.695274 2024] [:error] [pid 2944838] [client 213.232.87.232:34129] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZjTPw39OzR2QKo92BH0MeAAAAAI"]
[Fri May 03 13:51:31.695554 2024] [:error] [pid 2944985] [client 213.232.87.232:17257] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZjTPww3NEX3VPGDEuIlI6AAAAAM"]
[Fri May 03 13:51:31.698788 2024] [:error] [pid 2944866] [client 213.232.87.232:8761] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZjTPw2MRuxC-V_fbgLfk_AAAAAc"]
[Fri May 03 13:51:31.699434 2024] [:error] [pid 2944866] [client 213.232.87.232:8761] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZjTPw2MRuxC-V_fbgLfk_AAAAAc"]
[Fri May 03 13:51:31.699757 2024] [:error] [pid 2944865] [client 213.232.87.232:40113] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZjTPw7N1lLNT9IB1Z7O2ZgAAAAY"]
[Fri May 03 13:51:31.700196 2024] [:error] [pid 2944865] [client 213.232.87.232:40113] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZjTPw7N1lLNT9IB1Z7O2ZgAAAAY"]
[Fri May 03 13:51:31.700661 2024] [:error] [pid 2944865] [client 213.232.87.232:40113] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZjTPw7N1lLNT9IB1Z7O2ZgAAAAY"]
[Fri May 03 13:51:31.701163 2024] [:error] [pid 2944864] [client 213.232.87.232:55521] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZjTPw32JzIU99DWpBI0VsgAAAAU"]
[Fri May 03 13:51:31.701544 2024] [:error] [pid 2944864] [client 213.232.87.232:55521] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZjTPw32JzIU99DWpBI0VsgAAAAU"]
[Fri May 03 13:51:31.701713 2024] [:error] [pid 2944864] [client 213.232.87.232:55521] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZjTPw32JzIU99DWpBI0VsgAAAAU"]
[Fri May 03 13:51:31.705510 2024] [:error] [pid 2944866] [client 213.232.87.232:8761] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZjTPw2MRuxC-V_fbgLfk_AAAAAc"]
[Fri May 03 13:51:31.705807 2024] [:error] [pid 2944837] [client 213.232.87.232:59249] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZjTPwy8d8jmVjCwDcQf9igAAAAE"]
[Fri May 03 13:51:31.705968 2024] [:error] [pid 2944985] [client 213.232.87.232:17257] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZjTPww3NEX3VPGDEuIlI6AAAAAM"]
[Fri May 03 13:51:31.706096 2024] [:error] [pid 2944837] [client 213.232.87.232:59249] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZjTPwy8d8jmVjCwDcQf9igAAAAE"]
[Fri May 03 13:51:31.706269 2024] [:error] [pid 2944837] [client 213.232.87.232:59249] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZjTPwy8d8jmVjCwDcQf9igAAAAE"]
[Fri May 03 13:51:31.792066 2024] [:error] [pid 2944868] [client 213.232.87.232:35847] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjTPw2phKje_uCuXSk4foQAAAAk"]
[Fri May 03 13:51:31.792457 2024] [:error] [pid 2944868] [client 213.232.87.232:35847] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjTPw2phKje_uCuXSk4foQAAAAk"]
[Fri May 03 13:51:31.792873 2024] [:error] [pid 2944868] [client 213.232.87.232:35847] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjTPw2phKje_uCuXSk4foQAAAAk"]
[Fri May 03 13:51:31.795467 2024] [:error] [pid 2944838] [client 213.232.87.232:7649] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZjTPw39OzR2QKo92BH0MeQAAAAI"]
[Fri May 03 13:51:31.795758 2024] [:error] [pid 2944838] [client 213.232.87.232:7649] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZjTPw39OzR2QKo92BH0MeQAAAAI"]
[Fri May 03 13:51:31.796051 2024] [:error] [pid 2944838] [client 213.232.87.232:7649] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZjTPw39OzR2QKo92BH0MeQAAAAI"]
[Fri May 03 13:51:31.797985 2024] [:error] [pid 2944869] [client 213.232.87.232:34835] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZjTPw6LvFeouTot-YiDjGgAAAAo"]
[Fri May 03 13:51:31.798420 2024] [:error] [pid 2944869] [client 213.232.87.232:34835] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZjTPw6LvFeouTot-YiDjGgAAAAo"]
[Fri May 03 13:51:31.798697 2024] [:error] [pid 2944869] [client 213.232.87.232:34835] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZjTPw6LvFeouTot-YiDjGgAAAAo"]
[Fri May 03 13:51:31.872403 2024] [:error] [pid 2944837] [client 213.232.87.232:61883] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjTPwy8d8jmVjCwDcQf9jAAAAAE"]
[Fri May 03 13:51:31.872869 2024] [:error] [pid 2944837] [client 213.232.87.232:61883] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjTPwy8d8jmVjCwDcQf9jAAAAAE"]
[Fri May 03 13:51:31.873270 2024] [:error] [pid 2944837] [client 213.232.87.232:61883] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjTPwy8d8jmVjCwDcQf9jAAAAAE"]
[Fri May 03 13:51:31.881713 2024] [:error] [pid 2944838] [client 213.232.87.232:35113] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZjTPw39OzR2QKo92BH0MegAAAAI"]
[Fri May 03 13:51:31.882121 2024] [:error] [pid 2944838] [client 213.232.87.232:35113] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZjTPw39OzR2QKo92BH0MegAAAAI"]
[Fri May 03 13:51:31.882548 2024] [:error] [pid 2944838] [client 213.232.87.232:35113] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZjTPw39OzR2QKo92BH0MegAAAAI"]
[Fri May 03 19:24:29.546546 2024] [:error] [pid 2944865] [client 3.94.195.139:58678] [client 3.94.195.139] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjUdzbN1lLNT9IB1Z7O2nQAAAAY"]
[Fri May 03 19:24:29.547233 2024] [:error] [pid 2944865] [client 3.94.195.139:58678] [client 3.94.195.139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjUdzbN1lLNT9IB1Z7O2nQAAAAY"]
[Fri May 03 19:24:29.547635 2024] [:error] [pid 2944865] [client 3.94.195.139:58678] [client 3.94.195.139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjUdzbN1lLNT9IB1Z7O2nQAAAAY"]
[Wed May 08 03:14:09.510192 2024] [:error] [pid 3051245] [client 35.85.227.122:43294] [client 35.85.227.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjrR4Za7fo20Kiv_9C8ERwAAAAA"]
[Wed May 08 03:14:09.510970 2024] [:error] [pid 3051245] [client 35.85.227.122:43294] [client 35.85.227.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjrR4Za7fo20Kiv_9C8ERwAAAAA"]
[Wed May 08 03:14:09.511444 2024] [:error] [pid 3051245] [client 35.85.227.122:43294] [client 35.85.227.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZjrR4Za7fo20Kiv_9C8ERwAAAAA"]
[Wed May 08 09:53:13.859666 2024] [:error] [pid 3069776] [client 193.233.49.207:41326] [client 193.233.49.207] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvafNMt3jmqWcXWPtmrAAAAAY"]
[Wed May 08 09:53:13.861353 2024] [:error] [pid 3069776] [client 193.233.49.207:41326] [client 193.233.49.207] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvafNMt3jmqWcXWPtmrAAAAAY"]
[Wed May 08 09:53:13.861801 2024] [:error] [pid 3069776] [client 193.233.49.207:41326] [client 193.233.49.207] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZjsvafNMt3jmqWcXWPtmrAAAAAY"]
[Wed May 08 11:59:34.672276 2024] [:error] [pid 3051247] [client 20.127.157.200:53346] [client 20.127.157.200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjtNBr8b0vAqq5m7MniNXwAAAAI"]
[Wed May 08 11:59:34.673010 2024] [:error] [pid 3051247] [client 20.127.157.200:53346] [client 20.127.157.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjtNBr8b0vAqq5m7MniNXwAAAAI"]
[Wed May 08 11:59:34.673460 2024] [:error] [pid 3051247] [client 20.127.157.200:53346] [client 20.127.157.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjtNBr8b0vAqq5m7MniNXwAAAAI"]
[Thu May 09 01:49:36.004513 2024] [:error] [pid 3084625] [client 103.102.228.23:54722] [client 103.102.228.23] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjwPkA3F2QOE5asn106S3AAAAAk"]
[Thu May 09 01:49:36.005412 2024] [:error] [pid 3084625] [client 103.102.228.23:54722] [client 103.102.228.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjwPkA3F2QOE5asn106S3AAAAAk"]
[Thu May 09 01:49:36.005860 2024] [:error] [pid 3084625] [client 103.102.228.23:54722] [client 103.102.228.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZjwPkA3F2QOE5asn106S3AAAAAk"]
[Thu May 09 03:29:01.356085 2024] [:error] [pid 3087046] [client 3.84.118.17:34274] [client 3.84.118.17] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjwm3dDuEu4lH9Kpw9-5RwAAAAQ"]
[Thu May 09 03:29:01.357041 2024] [:error] [pid 3087046] [client 3.84.118.17:34274] [client 3.84.118.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjwm3dDuEu4lH9Kpw9-5RwAAAAQ"]
[Thu May 09 03:29:01.357514 2024] [:error] [pid 3087046] [client 3.84.118.17:34274] [client 3.84.118.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjwm3dDuEu4lH9Kpw9-5RwAAAAQ"]
[Thu May 09 04:39:59.136718 2024] [:error] [pid 3087044] [client 91.215.85.43:45874] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_9wAAAAI"]
[Thu May 09 04:39:59.137465 2024] [:error] [pid 3087044] [client 91.215.85.43:45874] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_9wAAAAI"]
[Thu May 09 04:39:59.137785 2024] [:error] [pid 3087046] [client 91.215.85.43:45868] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SgAAAAQ"]
[Thu May 09 04:39:59.137941 2024] [:error] [pid 3087044] [client 91.215.85.43:45874] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_9wAAAAI"]
[Thu May 09 04:39:59.138332 2024] [:error] [pid 3087046] [client 91.215.85.43:45868] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SgAAAAQ"]
[Thu May 09 04:39:59.138724 2024] [:error] [pid 3087046] [client 91.215.85.43:45868] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SgAAAAQ"]
[Thu May 09 04:39:59.176785 2024] [:error] [pid 3088694] [client 91.215.85.43:45890] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxQAAAAc"]
[Thu May 09 04:39:59.178518 2024] [:error] [pid 3087047] [client 91.215.85.43:45882] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDXwAAAAU"]
[Thu May 09 04:39:59.179136 2024] [:error] [pid 3087047] [client 91.215.85.43:45882] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDXwAAAAU"]
[Thu May 09 04:39:59.179553 2024] [:error] [pid 3087047] [client 91.215.85.43:45882] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDXwAAAAU"]
[Thu May 09 04:39:59.179799 2024] [:error] [pid 3087045] [client 91.215.85.43:45888] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DQAAAAM"]
[Thu May 09 04:39:59.180502 2024] [:error] [pid 3087045] [client 91.215.85.43:45888] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DQAAAAM"]
[Thu May 09 04:39:59.180956 2024] [:error] [pid 3087045] [client 91.215.85.43:45888] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DQAAAAM"]
[Thu May 09 04:39:59.182513 2024] [:error] [pid 3088694] [client 91.215.85.43:45890] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxQAAAAc"]
[Thu May 09 04:39:59.182985 2024] [:error] [pid 3087474] [client 91.215.85.43:45906] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuNwAAAAY"]
[Thu May 09 04:39:59.183033 2024] [:error] [pid 3088694] [client 91.215.85.43:45890] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxQAAAAc"]
[Thu May 09 04:39:59.183631 2024] [:error] [pid 3087474] [client 91.215.85.43:45906] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuNwAAAAY"]
[Thu May 09 04:39:59.184023 2024] [:error] [pid 3087474] [client 91.215.85.43:45906] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuNwAAAAY"]
[Thu May 09 04:39:59.190631 2024] [:error] [pid 3087042] [client 91.215.85.43:45920] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCgAAAAA"]
[Thu May 09 04:39:59.190844 2024] [:error] [pid 3087042] [client 91.215.85.43:45920] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCgAAAAA"]
[Thu May 09 04:39:59.191015 2024] [:error] [pid 3087042] [client 91.215.85.43:45920] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCgAAAAA"]
[Thu May 09 04:39:59.194776 2024] [:error] [pid 3087043] [client 91.215.85.43:45924] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSgwAAAAE"]
[Thu May 09 04:39:59.195030 2024] [:error] [pid 3087043] [client 91.215.85.43:45924] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSgwAAAAE"]
[Thu May 09 04:39:59.195250 2024] [:error] [pid 3087043] [client 91.215.85.43:45924] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSgwAAAAE"]
[Thu May 09 04:39:59.237852 2024] [:error] [pid 3087046] [client 91.215.85.43:45938] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SwAAAAQ"]
[Thu May 09 04:39:59.238379 2024] [:error] [pid 3087046] [client 91.215.85.43:45938] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SwAAAAQ"]
[Thu May 09 04:39:59.238704 2024] [:error] [pid 3087046] [client 91.215.85.43:45938] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5SwAAAAQ"]
[Thu May 09 04:39:59.242279 2024] [:error] [pid 3087044] [client 91.215.85.43:45950] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-AAAAAI"]
[Thu May 09 04:39:59.242676 2024] [:error] [pid 3087044] [client 91.215.85.43:45950] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-AAAAAI"]
[Thu May 09 04:39:59.242976 2024] [:error] [pid 3087044] [client 91.215.85.43:45950] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-AAAAAI"]
[Thu May 09 04:39:59.275892 2024] [:error] [pid 3087045] [client 91.215.85.43:46058] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DgAAAAM"]
[Thu May 09 04:39:59.277824 2024] [:error] [pid 3087047] [client 91.215.85.43:45998] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYAAAAAU"]
[Thu May 09 04:39:59.278361 2024] [:error] [pid 3087047] [client 91.215.85.43:45998] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYAAAAAU"]
[Thu May 09 04:39:59.279117 2024] [:error] [pid 3087047] [client 91.215.85.43:45998] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYAAAAAU"]
[Thu May 09 04:39:59.280834 2024] [:error] [pid 3087045] [client 91.215.85.43:46058] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DgAAAAM"]
[Thu May 09 04:39:59.281097 2024] [:error] [pid 3087045] [client 91.215.85.43:46058] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DgAAAAM"]
[Thu May 09 04:39:59.281435 2024] [:error] [pid 3087474] [client 91.215.85.43:45960] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOAAAAAY"]
[Thu May 09 04:39:59.281767 2024] [:error] [pid 3087474] [client 91.215.85.43:45960] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOAAAAAY"]
[Thu May 09 04:39:59.282012 2024] [:error] [pid 3087474] [client 91.215.85.43:45960] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOAAAAAY"]
[Thu May 09 04:39:59.282065 2024] [:error] [pid 3088694] [client 91.215.85.43:46014] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxgAAAAc"]
[Thu May 09 04:39:59.282395 2024] [:error] [pid 3088694] [client 91.215.85.43:46014] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxgAAAAc"]
[Thu May 09 04:39:59.282649 2024] [:error] [pid 3088694] [client 91.215.85.43:46014] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxgAAAAc"]
[Thu May 09 04:39:59.290460 2024] [:error] [pid 3087042] [client 91.215.85.43:45926] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCwAAAAA"]
[Thu May 09 04:39:59.290686 2024] [:error] [pid 3087042] [client 91.215.85.43:45926] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCwAAAAA"]
[Thu May 09 04:39:59.290860 2024] [:error] [pid 3087042] [client 91.215.85.43:45926] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YCwAAAAA"]
[Thu May 09 04:39:59.292479 2024] [:error] [pid 3087043] [client 91.215.85.43:46036] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShAAAAAE"]
[Thu May 09 04:39:59.292712 2024] [:error] [pid 3087043] [client 91.215.85.43:46036] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShAAAAAE"]
[Thu May 09 04:39:59.292888 2024] [:error] [pid 3087043] [client 91.215.85.43:46036] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShAAAAAE"]
[Thu May 09 04:39:59.335076 2024] [:error] [pid 3087046] [client 91.215.85.43:46020] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TAAAAAQ"]
[Thu May 09 04:39:59.335564 2024] [:error] [pid 3087046] [client 91.215.85.43:46020] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TAAAAAQ"]
[Thu May 09 04:39:59.336012 2024] [:error] [pid 3087046] [client 91.215.85.43:46020] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TAAAAAQ"]
[Thu May 09 04:39:59.339606 2024] [:error] [pid 3087044] [client 91.215.85.43:45986] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-QAAAAI"]
[Thu May 09 04:39:59.339992 2024] [:error] [pid 3087044] [client 91.215.85.43:45986] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-QAAAAI"]
[Thu May 09 04:39:59.340220 2024] [:error] [pid 3087044] [client 91.215.85.43:45986] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-QAAAAI"]
[Thu May 09 04:39:59.373911 2024] [:error] [pid 3087045] [client 91.215.85.43:46178] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DwAAAAM"]
[Thu May 09 04:39:59.374264 2024] [:error] [pid 3087045] [client 91.215.85.43:46178] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DwAAAAM"]
[Thu May 09 04:39:59.374567 2024] [:error] [pid 3087045] [client 91.215.85.43:46178] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64DwAAAAM"]
[Thu May 09 04:39:59.377099 2024] [:error] [pid 3088694] [client 91.215.85.43:46146] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxwAAAAc"]
[Thu May 09 04:39:59.377444 2024] [:error] [pid 3088694] [client 91.215.85.43:46146] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxwAAAAc"]
[Thu May 09 04:39:59.377736 2024] [:error] [pid 3088694] [client 91.215.85.43:46146] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FxwAAAAc"]
[Thu May 09 04:39:59.378470 2024] [:error] [pid 3087474] [client 91.215.85.43:46114] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOQAAAAY"]
[Thu May 09 04:39:59.378611 2024] [:error] [pid 3087047] [client 91.215.85.43:45972] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYQAAAAU"]
[Thu May 09 04:39:59.378965 2024] [:error] [pid 3087047] [client 91.215.85.43:45972] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYQAAAAU"]
[Thu May 09 04:39:59.379100 2024] [:error] [pid 3087474] [client 91.215.85.43:46114] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOQAAAAY"]
[Thu May 09 04:39:59.379217 2024] [:error] [pid 3087047] [client 91.215.85.43:45972] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYQAAAAU"]
[Thu May 09 04:39:59.379496 2024] [:error] [pid 3087474] [client 91.215.85.43:46114] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOQAAAAY"]
[Thu May 09 04:39:59.388055 2024] [:error] [pid 3087042] [client 91.215.85.43:46046] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDAAAAAA"]
[Thu May 09 04:39:59.388363 2024] [:error] [pid 3087042] [client 91.215.85.43:46046] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDAAAAAA"]
[Thu May 09 04:39:59.390183 2024] [:error] [pid 3087043] [client 91.215.85.43:46056] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShQAAAAE"]
[Thu May 09 04:39:59.390396 2024] [:error] [pid 3087043] [client 91.215.85.43:46056] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShQAAAAE"]
[Thu May 09 04:39:59.390594 2024] [:error] [pid 3087043] [client 91.215.85.43:46056] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShQAAAAE"]
[Thu May 09 04:39:59.391147 2024] [:error] [pid 3087042] [client 91.215.85.43:46046] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDAAAAAA"]
[Thu May 09 04:39:59.402998 2024] [:error] [pid 3089373] [client 91.215.85.43:46080] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dAAAAAg"]
[Thu May 09 04:39:59.403380 2024] [:error] [pid 3089373] [client 91.215.85.43:46080] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dAAAAAg"]
[Thu May 09 04:39:59.403675 2024] [:error] [pid 3089373] [client 91.215.85.43:46080] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dAAAAAg"]
[Thu May 09 04:39:59.433078 2024] [:error] [pid 3087046] [client 91.215.85.43:46066] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /includes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TQAAAAQ"]
[Thu May 09 04:39:59.433683 2024] [:error] [pid 3087046] [client 91.215.85.43:46066] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TQAAAAQ"]
[Thu May 09 04:39:59.434109 2024] [:error] [pid 3087046] [client 91.215.85.43:46066] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TQAAAAQ"]
[Thu May 09 04:39:59.437449 2024] [:error] [pid 3087044] [client 91.215.85.43:46090] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-gAAAAI"]
[Thu May 09 04:39:59.437976 2024] [:error] [pid 3087044] [client 91.215.85.43:46090] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-gAAAAI"]
[Thu May 09 04:39:59.438380 2024] [:error] [pid 3087044] [client 91.215.85.43:46090] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-gAAAAI"]
[Thu May 09 04:39:59.472666 2024] [:error] [pid 3087045] [client 91.215.85.43:46078] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EAAAAAM"]
[Thu May 09 04:39:59.473944 2024] [:error] [pid 3088694] [client 91.215.85.43:46122] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyAAAAAc"]
[Thu May 09 04:39:59.474441 2024] [:error] [pid 3088694] [client 91.215.85.43:46122] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyAAAAAc"]
[Thu May 09 04:39:59.475656 2024] [:error] [pid 3087474] [client 91.215.85.43:46124] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOgAAAAY"]
[Thu May 09 04:39:59.476078 2024] [:error] [pid 3087474] [client 91.215.85.43:46124] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOgAAAAY"]
[Thu May 09 04:39:59.476598 2024] [:error] [pid 3087474] [client 91.215.85.43:46124] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOgAAAAY"]
[Thu May 09 04:39:59.477199 2024] [:error] [pid 3087047] [client 91.215.85.43:46154] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYgAAAAU"]
[Thu May 09 04:39:59.477777 2024] [:error] [pid 3087047] [client 91.215.85.43:46154] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYgAAAAU"]
[Thu May 09 04:39:59.477849 2024] [:error] [pid 3087045] [client 91.215.85.43:46078] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EAAAAAM"]
[Thu May 09 04:39:59.478188 2024] [:error] [pid 3087047] [client 91.215.85.43:46154] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYgAAAAU"]
[Thu May 09 04:39:59.478250 2024] [:error] [pid 3087045] [client 91.215.85.43:46078] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EAAAAAM"]
[Thu May 09 04:39:59.478763 2024] [:error] [pid 3088694] [client 91.215.85.43:46122] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyAAAAAc"]
[Thu May 09 04:39:59.485137 2024] [:error] [pid 3087042] [client 91.215.85.43:46134] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDQAAAAA"]
[Thu May 09 04:39:59.485389 2024] [:error] [pid 3087042] [client 91.215.85.43:46134] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDQAAAAA"]
[Thu May 09 04:39:59.485633 2024] [:error] [pid 3087042] [client 91.215.85.43:46134] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDQAAAAA"]
[Thu May 09 04:39:59.486880 2024] [:error] [pid 3087043] [client 91.215.85.43:46188] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShgAAAAE"]
[Thu May 09 04:39:59.487127 2024] [:error] [pid 3087043] [client 91.215.85.43:46188] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShgAAAAE"]
[Thu May 09 04:39:59.487326 2024] [:error] [pid 3087043] [client 91.215.85.43:46188] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShgAAAAE"]
[Thu May 09 04:39:59.499962 2024] [:error] [pid 3089373] [client 91.215.85.43:46106] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dQAAAAg"]
[Thu May 09 04:39:59.500180 2024] [:error] [pid 3089373] [client 91.215.85.43:46106] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dQAAAAg"]
[Thu May 09 04:39:59.500362 2024] [:error] [pid 3089373] [client 91.215.85.43:46106] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dQAAAAg"]
[Thu May 09 04:39:59.530050 2024] [:error] [pid 3087046] [client 91.215.85.43:46214] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TgAAAAQ"]
[Thu May 09 04:39:59.530610 2024] [:error] [pid 3087046] [client 91.215.85.43:46214] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TgAAAAQ"]
[Thu May 09 04:39:59.531027 2024] [:error] [pid 3087046] [client 91.215.85.43:46214] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TgAAAAQ"]
[Thu May 09 04:39:59.536467 2024] [:error] [pid 3087044] [client 91.215.85.43:46170] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-wAAAAI"]
[Thu May 09 04:39:59.537037 2024] [:error] [pid 3087044] [client 91.215.85.43:46170] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-wAAAAI"]
[Thu May 09 04:39:59.537533 2024] [:error] [pid 3087044] [client 91.215.85.43:46170] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb_-wAAAAI"]
[Thu May 09 04:39:59.574183 2024] [:error] [pid 3087047] [client 91.215.85.43:46200] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYwAAAAU"]
[Thu May 09 04:39:59.574682 2024] [:error] [pid 3087047] [client 91.215.85.43:46200] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYwAAAAU"]
[Thu May 09 04:39:59.575002 2024] [:error] [pid 3087474] [client 91.215.85.43:46172] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOwAAAAY"]
[Thu May 09 04:39:59.575151 2024] [:error] [pid 3087047] [client 91.215.85.43:46200] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDYwAAAAU"]
[Thu May 09 04:39:59.575494 2024] [:error] [pid 3087474] [client 91.215.85.43:46172] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOwAAAAY"]
[Thu May 09 04:39:59.575909 2024] [:error] [pid 3087474] [client 91.215.85.43:46172] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuOwAAAAY"]
[Thu May 09 04:39:59.578856 2024] [:error] [pid 3087045] [client 91.215.85.43:46218] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EQAAAAM"]
[Thu May 09 04:39:59.579420 2024] [:error] [pid 3088694] [client 91.215.85.43:46198] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyQAAAAc"]
[Thu May 09 04:39:59.579444 2024] [:error] [pid 3087045] [client 91.215.85.43:46218] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EQAAAAM"]
[Thu May 09 04:39:59.582431 2024] [:error] [pid 3087042] [client 91.215.85.43:46222] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDgAAAAA"]
[Thu May 09 04:39:59.582497 2024] [:error] [pid 3087043] [client 91.215.85.43:46224] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShwAAAAE"]
[Thu May 09 04:39:59.582935 2024] [:error] [pid 3087042] [client 91.215.85.43:46222] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDgAAAAA"]
[Thu May 09 04:39:59.583002 2024] [:error] [pid 3087043] [client 91.215.85.43:46224] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShwAAAAE"]
[Thu May 09 04:39:59.583264 2024] [:error] [pid 3087043] [client 91.215.85.43:46224] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcShwAAAAE"]
[Thu May 09 04:39:59.583273 2024] [:error] [pid 3087042] [client 91.215.85.43:46222] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDgAAAAA"]
[Thu May 09 04:39:59.583490 2024] [:error] [pid 3088694] [client 91.215.85.43:46198] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyQAAAAc"]
[Thu May 09 04:39:59.583682 2024] [:error] [pid 3088694] [client 91.215.85.43:46198] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FyQAAAAc"]
[Thu May 09 04:39:59.583732 2024] [:error] [pid 3087045] [client 91.215.85.43:46218] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EQAAAAM"]
[Thu May 09 04:39:59.596325 2024] [:error] [pid 3089373] [client 91.215.85.43:46238] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dgAAAAg"]
[Thu May 09 04:39:59.596633 2024] [:error] [pid 3089373] [client 91.215.85.43:46238] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dgAAAAg"]
[Thu May 09 04:39:59.596856 2024] [:error] [pid 3089373] [client 91.215.85.43:46238] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dgAAAAg"]
[Thu May 09 04:39:59.634905 2024] [:error] [pid 3087046] [client 91.215.85.43:46260] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TwAAAAQ"]
[Thu May 09 04:39:59.635261 2024] [:error] [pid 3087046] [client 91.215.85.43:46260] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TwAAAAQ"]
[Thu May 09 04:39:59.635531 2024] [:error] [pid 3087046] [client 91.215.85.43:46260] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5TwAAAAQ"]
[Thu May 09 04:39:59.636306 2024] [:error] [pid 3087044] [client 91.215.85.43:46250] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__AAAAAI"]
[Thu May 09 04:39:59.636672 2024] [:error] [pid 3087044] [client 91.215.85.43:46250] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__AAAAAI"]
[Thu May 09 04:39:59.636948 2024] [:error] [pid 3087044] [client 91.215.85.43:46250] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__AAAAAI"]
[Thu May 09 04:39:59.669622 2024] [:error] [pid 3087047] [client 91.215.85.43:46266] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZAAAAAU"]
[Thu May 09 04:39:59.670063 2024] [:error] [pid 3087047] [client 91.215.85.43:46266] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZAAAAAU"]
[Thu May 09 04:39:59.670435 2024] [:error] [pid 3087047] [client 91.215.85.43:46266] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZAAAAAU"]
[Thu May 09 04:39:59.673879 2024] [:error] [pid 3087474] [client 91.215.85.43:46276] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPAAAAAY"]
[Thu May 09 04:39:59.674381 2024] [:error] [pid 3087474] [client 91.215.85.43:46276] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPAAAAAY"]
[Thu May 09 04:39:59.674507 2024] [:error] [pid 3087045] [client 91.215.85.43:46290] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EgAAAAM"]
[Thu May 09 04:39:59.674815 2024] [:error] [pid 3087474] [client 91.215.85.43:46276] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPAAAAAY"]
[Thu May 09 04:39:59.674840 2024] [:error] [pid 3087045] [client 91.215.85.43:46290] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EgAAAAM"]
[Thu May 09 04:39:59.675085 2024] [:error] [pid 3087045] [client 91.215.85.43:46290] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EgAAAAM"]
[Thu May 09 04:39:59.678661 2024] [:error] [pid 3087043] [client 91.215.85.43:46302] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiAAAAAE"]
[Thu May 09 04:39:59.678935 2024] [:error] [pid 3087043] [client 91.215.85.43:46302] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiAAAAAE"]
[Thu May 09 04:39:59.679185 2024] [:error] [pid 3087043] [client 91.215.85.43:46302] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiAAAAAE"]
[Thu May 09 04:39:59.681003 2024] [:error] [pid 3088694] [client 91.215.85.43:46326] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FygAAAAc"]
[Thu May 09 04:39:59.681270 2024] [:error] [pid 3087042] [client 91.215.85.43:46316] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDwAAAAA"]
[Thu May 09 04:39:59.681581 2024] [:error] [pid 3087042] [client 91.215.85.43:46316] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDwAAAAA"]
[Thu May 09 04:39:59.681650 2024] [:error] [pid 3088694] [client 91.215.85.43:46326] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FygAAAAc"]
[Thu May 09 04:39:59.681847 2024] [:error] [pid 3087042] [client 91.215.85.43:46316] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YDwAAAAA"]
[Thu May 09 04:39:59.682090 2024] [:error] [pid 3088694] [client 91.215.85.43:46326] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FygAAAAc"]
[Thu May 09 04:39:59.695740 2024] [:error] [pid 3089373] [client 91.215.85.43:46340] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dwAAAAg"]
[Thu May 09 04:39:59.695973 2024] [:error] [pid 3089373] [client 91.215.85.43:46340] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dwAAAAg"]
[Thu May 09 04:39:59.696148 2024] [:error] [pid 3089373] [client 91.215.85.43:46340] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_dwAAAAg"]
[Thu May 09 04:39:59.733209 2024] [:error] [pid 3087046] [client 91.215.85.43:46354] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UAAAAAQ"]
[Thu May 09 04:39:59.733684 2024] [:error] [pid 3087046] [client 91.215.85.43:46354] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UAAAAAQ"]
[Thu May 09 04:39:59.733841 2024] [:error] [pid 3087044] [client 91.215.85.43:46356] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__QAAAAI"]
[Thu May 09 04:39:59.734254 2024] [:error] [pid 3087046] [client 91.215.85.43:46354] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UAAAAAQ"]
[Thu May 09 04:39:59.734354 2024] [:error] [pid 3087044] [client 91.215.85.43:46356] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__QAAAAI"]
[Thu May 09 04:39:59.734748 2024] [:error] [pid 3087044] [client 91.215.85.43:46356] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__QAAAAI"]
[Thu May 09 04:39:59.765255 2024] [:error] [pid 3087047] [client 91.215.85.43:46370] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZQAAAAU"]
[Thu May 09 04:39:59.765808 2024] [:error] [pid 3087047] [client 91.215.85.43:46370] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZQAAAAU"]
[Thu May 09 04:39:59.766208 2024] [:error] [pid 3087047] [client 91.215.85.43:46370] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZQAAAAU"]
[Thu May 09 04:39:59.770777 2024] [:error] [pid 3087474] [client 91.215.85.43:46432] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPQAAAAY"]
[Thu May 09 04:39:59.771318 2024] [:error] [pid 3087474] [client 91.215.85.43:46432] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPQAAAAY"]
[Thu May 09 04:39:59.771735 2024] [:error] [pid 3087474] [client 91.215.85.43:46432] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPQAAAAY"]
[Thu May 09 04:39:59.771852 2024] [:error] [pid 3087045] [client 91.215.85.43:46366] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EwAAAAM"]
[Thu May 09 04:39:59.772384 2024] [:error] [pid 3087045] [client 91.215.85.43:46366] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EwAAAAM"]
[Thu May 09 04:39:59.772867 2024] [:error] [pid 3087045] [client 91.215.85.43:46366] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64EwAAAAM"]
[Thu May 09 04:39:59.776501 2024] [:error] [pid 3088694] [client 91.215.85.43:46400] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FywAAAAc"]
[Thu May 09 04:39:59.776820 2024] [:error] [pid 3087042] [client 91.215.85.43:46436] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YEAAAAAA"]
[Thu May 09 04:39:59.776891 2024] [:error] [pid 3088694] [client 91.215.85.43:46400] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FywAAAAc"]
[Thu May 09 04:39:59.777093 2024] [:error] [pid 3087042] [client 91.215.85.43:46436] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YEAAAAAA"]
[Thu May 09 04:39:59.777183 2024] [:error] [pid 3088694] [client 91.215.85.43:46400] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FywAAAAc"]
[Thu May 09 04:39:59.777294 2024] [:error] [pid 3087042] [client 91.215.85.43:46436] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Zjw3f76BZEswTgH69C-YEAAAAAA"]
[Thu May 09 04:39:59.777573 2024] [:error] [pid 3087043] [client 91.215.85.43:46384] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiQAAAAE"]
[Thu May 09 04:39:59.777945 2024] [:error] [pid 3087043] [client 91.215.85.43:46384] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiQAAAAE"]
[Thu May 09 04:39:59.778240 2024] [:error] [pid 3087043] [client 91.215.85.43:46384] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSiQAAAAE"]
[Thu May 09 04:39:59.795461 2024] [:error] [pid 3089373] [client 91.215.85.43:46424] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_eAAAAAg"]
[Thu May 09 04:39:59.795774 2024] [:error] [pid 3089373] [client 91.215.85.43:46424] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_eAAAAAg"]
[Thu May 09 04:39:59.795987 2024] [:error] [pid 3089373] [client 91.215.85.43:46424] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Zjw3f-N0fMSfu-PymUG_eAAAAAg"]
[Thu May 09 04:39:59.832989 2024] [:error] [pid 3087046] [client 91.215.85.43:46440] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UQAAAAQ"]
[Thu May 09 04:39:59.833429 2024] [:error] [pid 3087046] [client 91.215.85.43:46440] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UQAAAAQ"]
[Thu May 09 04:39:59.833848 2024] [:error] [pid 3087046] [client 91.215.85.43:46440] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Zjw3f9DuEu4lH9Kpw9-5UQAAAAQ"]
[Thu May 09 04:39:59.835043 2024] [:error] [pid 3087044] [client 91.215.85.43:46408] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__gAAAAI"]
[Thu May 09 04:39:59.835534 2024] [:error] [pid 3087044] [client 91.215.85.43:46408] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__gAAAAI"]
[Thu May 09 04:39:59.835902 2024] [:error] [pid 3087044] [client 91.215.85.43:46408] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Zjw3f_sXqwCp__WmJJb__gAAAAI"]
[Thu May 09 04:39:59.863190 2024] [:error] [pid 3087047] [client 91.215.85.43:46418] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZgAAAAU"]
[Thu May 09 04:39:59.863896 2024] [:error] [pid 3087047] [client 91.215.85.43:46418] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZgAAAAU"]
[Thu May 09 04:39:59.864332 2024] [:error] [pid 3087047] [client 91.215.85.43:46418] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Zjw3fziuM1_7lpzHjPaDZgAAAAU"]
[Thu May 09 04:39:59.864995 2024] [:error] [pid 3087474] [client 91.215.85.43:46448] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPgAAAAY"]
[Thu May 09 04:39:59.865357 2024] [:error] [pid 3087474] [client 91.215.85.43:46448] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPgAAAAY"]
[Thu May 09 04:39:59.865638 2024] [:error] [pid 3087474] [client 91.215.85.43:46448] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Zjw3f1kTMp1zDXQNLxBuPgAAAAY"]
[Thu May 09 04:39:59.868123 2024] [:error] [pid 3087045] [client 91.215.85.43:46444] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64FAAAAAM"]
[Thu May 09 04:39:59.868495 2024] [:error] [pid 3087045] [client 91.215.85.43:46444] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64FAAAAAM"]
[Thu May 09 04:39:59.868835 2024] [:error] [pid 3087045] [client 91.215.85.43:46444] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Zjw3fyELaz4DfY2fUB64FAAAAAM"]
[Thu May 09 04:39:59.872855 2024] [:error] [pid 3088694] [client 91.215.85.43:46464] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FzAAAAAc"]
[Thu May 09 04:39:59.873263 2024] [:error] [pid 3088694] [client 91.215.85.43:46464] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FzAAAAAc"]
[Thu May 09 04:39:59.873277 2024] [:error] [pid 3087043] [client 91.215.85.43:46462] [client 91.215.85.43] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSigAAAAE"]
[Thu May 09 04:39:59.873613 2024] [:error] [pid 3088694] [client 91.215.85.43:46464] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Zjw3f-YW-t8Qib2gMC8FzAAAAAc"]
[Thu May 09 04:39:59.873637 2024] [:error] [pid 3087043] [client 91.215.85.43:46462] [client 91.215.85.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSigAAAAE"]
[Thu May 09 04:39:59.873922 2024] [:error] [pid 3087043] [client 91.215.85.43:46462] [client 91.215.85.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Zjw3f0mmq5R-q7rmmbcSigAAAAE"]
[Sun May 12 02:22:27.398172 2024] [:error] [pid 3152282] [client 193.32.162.99:38464] [client 193.32.162.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkALwz_fRqOkeUxlnCWB4gAAAAY"]
[Sun May 12 02:22:27.399821 2024] [:error] [pid 3152282] [client 193.32.162.99:38464] [client 193.32.162.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkALwz_fRqOkeUxlnCWB4gAAAAY"]
[Sun May 12 02:22:27.400285 2024] [:error] [pid 3152282] [client 193.32.162.99:38464] [client 193.32.162.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkALwz_fRqOkeUxlnCWB4gAAAAY"]
[Mon May 13 18:13:34.048750 2024] [:error] [pid 3186444] [client 103.102.228.23:51082] [client 103.102.228.23] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkI8LgLVbAvhga_cVdDMeAAAAAs"]
[Mon May 13 18:13:34.049455 2024] [:error] [pid 3186444] [client 103.102.228.23:51082] [client 103.102.228.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkI8LgLVbAvhga_cVdDMeAAAAAs"]
[Mon May 13 18:13:34.049978 2024] [:error] [pid 3186444] [client 103.102.228.23:51082] [client 103.102.228.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkI8LgLVbAvhga_cVdDMeAAAAAs"]
[Tue May 14 07:50:00.499882 2024] [:error] [pid 3203918] [client 43.204.230.150:50862] [client 43.204.230.150] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkL7iBX3kMM4UvPfXTgLawAAAAI"]
[Tue May 14 07:50:00.500310 2024] [:error] [pid 3203918] [client 43.204.230.150:50862] [client 43.204.230.150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkL7iBX3kMM4UvPfXTgLawAAAAI"]
[Tue May 14 07:50:00.500595 2024] [:error] [pid 3203918] [client 43.204.230.150:50862] [client 43.204.230.150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZkL7iBX3kMM4UvPfXTgLawAAAAI"]
[Wed May 15 00:01:02.153644 2024] [:error] [pid 3218284] [client 103.102.228.23:55098] [client 103.102.228.23] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkPfHnuYO945EzRsKsRvqQAAAAg"]
[Wed May 15 00:01:02.154412 2024] [:error] [pid 3218284] [client 103.102.228.23:55098] [client 103.102.228.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkPfHnuYO945EzRsKsRvqQAAAAg"]
[Wed May 15 00:01:02.154971 2024] [:error] [pid 3218284] [client 103.102.228.23:55098] [client 103.102.228.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZkPfHnuYO945EzRsKsRvqQAAAAg"]
[Sat May 25 03:33:21.817990 2024] [:error] [pid 3458602] [client 103.102.228.130:35676] [client 103.102.228.130] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZlE_4TDHhqfKAmVqfIXzVgAAAAE"]
[Sat May 25 03:33:21.819150 2024] [:error] [pid 3458602] [client 103.102.228.130:35676] [client 103.102.228.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZlE_4TDHhqfKAmVqfIXzVgAAAAE"]
[Sat May 25 03:33:21.819393 2024] [:error] [pid 3458602] [client 103.102.228.130:35676] [client 103.102.228.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZlE_4TDHhqfKAmVqfIXzVgAAAAE"]
[Tue Jul 02 21:54:46.057026 2024] [authz_core:error] [pid 170491] [client 159.65.18.197:48644] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Tue Jul 02 21:54:46.370375 2024] [:error] [pid 170490] [client 159.65.18.197:48670] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZoRbBlTIyEB0oEBuE2818AAAAAY"]
[Tue Jul 02 21:54:46.370864 2024] [:error] [pid 170490] [client 159.65.18.197:48670] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZoRbBlTIyEB0oEBuE2818AAAAAY"]
[Tue Jul 02 21:54:46.371420 2024] [:error] [pid 170490] [client 159.65.18.197:48670] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZoRbBlTIyEB0oEBuE2818AAAAAY"]
[Tue Jul 02 21:54:46.465309 2024] [:error] [pid 170459] [client 159.65.18.197:48686] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoRbBhqlpC79bOle2sBr5AAAAAA"]
[Tue Jul 02 21:54:46.465786 2024] [:error] [pid 170459] [client 159.65.18.197:48686] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoRbBhqlpC79bOle2sBr5AAAAAA"]
[Tue Jul 02 21:54:46.466206 2024] [:error] [pid 170459] [client 159.65.18.197:48686] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoRbBhqlpC79bOle2sBr5AAAAAA"]
[Tue Jul 02 21:54:46.561524 2024] [:error] [pid 170460] [client 159.65.18.197:48688] [client 159.65.18.197] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRbBkeeygXELbKesgqUGAAAAAE"]
[Tue Jul 02 21:54:46.562028 2024] [:error] [pid 170460] [client 159.65.18.197:48688] [client 159.65.18.197] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRbBkeeygXELbKesgqUGAAAAAE"]
[Tue Jul 02 21:54:46.562456 2024] [:error] [pid 170460] [client 159.65.18.197:48688] [client 159.65.18.197] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRbBkeeygXELbKesgqUGAAAAAE"]
[Tue Jul 02 23:21:58.440447 2024] [:error] [pid 170494] [client 185.196.9.227:51018] [client 185.196.9.227] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRvdtH295kWQvQN2AmhGgAAAAk"]
[Tue Jul 02 23:21:58.440891 2024] [:error] [pid 170494] [client 185.196.9.227:51018] [client 185.196.9.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRvdtH295kWQvQN2AmhGgAAAAk"]
[Tue Jul 02 23:21:58.441132 2024] [:error] [pid 170494] [client 185.196.9.227:51018] [client 185.196.9.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoRvdtH295kWQvQN2AmhGgAAAAk"]
[Wed Jul 03 00:59:08.194582 2024] [:error] [pid 172790] [client 213.232.87.228:63039] [client 213.232.87.228] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoSGPP4gsg4mWPNAylogLQAAAAE"]
[Wed Jul 03 00:59:08.195073 2024] [:error] [pid 172790] [client 213.232.87.228:63039] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoSGPP4gsg4mWPNAylogLQAAAAE"]
[Wed Jul 03 00:59:08.195546 2024] [:error] [pid 172790] [client 213.232.87.228:63039] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoSGPP4gsg4mWPNAylogLQAAAAE"]
[Wed Jul 03 00:59:08.201902 2024] [:error] [pid 172793] [client 213.232.87.228:49487] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoSGPANSb97irXcEY4yRrQAAAAU"]
[Wed Jul 03 00:59:08.202567 2024] [:error] [pid 172793] [client 213.232.87.228:49487] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoSGPANSb97irXcEY4yRrQAAAAU"]
[Wed Jul 03 00:59:08.202955 2024] [:error] [pid 172793] [client 213.232.87.228:49487] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoSGPANSb97irXcEY4yRrQAAAAU"]
[Wed Jul 03 00:59:08.204382 2024] [authz_core:error] [pid 172361] [client 213.232.87.228:36767] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Wed Jul 03 00:59:08.205828 2024] [:error] [pid 172172] [client 213.232.87.228:7571] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbgAAAAY"]
[Wed Jul 03 00:59:08.206095 2024] [:error] [pid 172172] [client 213.232.87.228:7571] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbgAAAAY"]
[Wed Jul 03 00:59:08.206309 2024] [:error] [pid 172172] [client 213.232.87.228:7571] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbgAAAAY"]
[Wed Jul 03 00:59:08.207047 2024] [:error] [pid 172171] [client 213.232.87.228:9097] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoSGPASUx8iTEun0GQdRAAAAAAQ"]
[Wed Jul 03 00:59:08.207210 2024] [:error] [pid 172171] [client 213.232.87.228:9097] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoSGPASUx8iTEun0GQdRAAAAAAQ"]
[Wed Jul 03 00:59:08.207363 2024] [:error] [pid 172171] [client 213.232.87.228:9097] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoSGPASUx8iTEun0GQdRAAAAAAQ"]
[Wed Jul 03 00:59:08.293466 2024] [:error] [pid 172361] [client 213.232.87.228:18213] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoSGPH7MfiZ70MyUsR6yFQAAAAA"]
[Wed Jul 03 00:59:08.294292 2024] [:error] [pid 172361] [client 213.232.87.228:18213] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoSGPH7MfiZ70MyUsR6yFQAAAAA"]
[Wed Jul 03 00:59:08.294786 2024] [:error] [pid 172361] [client 213.232.87.228:18213] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoSGPH7MfiZ70MyUsR6yFQAAAAA"]
[Wed Jul 03 00:59:08.298259 2024] [:error] [pid 172793] [client 213.232.87.228:56573] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoSGPANSb97irXcEY4yRrgAAAAU"]
[Wed Jul 03 00:59:08.298727 2024] [:error] [pid 172793] [client 213.232.87.228:56573] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoSGPANSb97irXcEY4yRrgAAAAU"]
[Wed Jul 03 00:59:08.299145 2024] [:error] [pid 172793] [client 213.232.87.228:56573] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoSGPANSb97irXcEY4yRrgAAAAU"]
[Wed Jul 03 00:59:08.301176 2024] [:error] [pid 172790] [client 213.232.87.228:18425] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoSGPP4gsg4mWPNAylogLgAAAAE"]
[Wed Jul 03 00:59:08.301552 2024] [:error] [pid 172790] [client 213.232.87.228:18425] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoSGPP4gsg4mWPNAylogLgAAAAE"]
[Wed Jul 03 00:59:08.302070 2024] [:error] [pid 172790] [client 213.232.87.228:18425] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoSGPP4gsg4mWPNAylogLgAAAAE"]
[Wed Jul 03 00:59:08.302486 2024] [:error] [pid 172790] [client 213.232.87.228:18425] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoSGPP4gsg4mWPNAylogLgAAAAE"]
[Wed Jul 03 00:59:08.306194 2024] [:error] [pid 172171] [client 213.232.87.228:2313] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoSGPASUx8iTEun0GQdRAQAAAAQ"]
[Wed Jul 03 00:59:08.306510 2024] [:error] [pid 172171] [client 213.232.87.228:2313] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoSGPASUx8iTEun0GQdRAQAAAAQ"]
[Wed Jul 03 00:59:08.306662 2024] [:error] [pid 172172] [client 213.232.87.228:11869] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbwAAAAY"]
[Wed Jul 03 00:59:08.306680 2024] [:error] [pid 172171] [client 213.232.87.228:2313] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoSGPASUx8iTEun0GQdRAQAAAAQ"]
[Wed Jul 03 00:59:08.306955 2024] [:error] [pid 172172] [client 213.232.87.228:11869] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbwAAAAY"]
[Wed Jul 03 00:59:08.307174 2024] [:error] [pid 172172] [client 213.232.87.228:11869] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYbwAAAAY"]
[Wed Jul 03 00:59:08.308402 2024] [:error] [pid 172173] [client 213.232.87.228:27923] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mAAAAAc"]
[Wed Jul 03 00:59:08.308588 2024] [:error] [pid 172173] [client 213.232.87.228:27923] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mAAAAAc"]
[Wed Jul 03 00:59:08.308760 2024] [:error] [pid 172173] [client 213.232.87.228:27923] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mAAAAAc"]
[Wed Jul 03 00:59:08.308944 2024] [:error] [pid 172173] [client 213.232.87.228:27923] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mAAAAAc"]
[Wed Jul 03 00:59:08.391598 2024] [:error] [pid 172793] [client 213.232.87.228:35381] [client 213.232.87.228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoSGPANSb97irXcEY4yRrwAAAAU"]
[Wed Jul 03 00:59:08.392096 2024] [:error] [pid 172793] [client 213.232.87.228:35381] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoSGPANSb97irXcEY4yRrwAAAAU"]
[Wed Jul 03 00:59:08.392567 2024] [:error] [pid 172793] [client 213.232.87.228:35381] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoSGPANSb97irXcEY4yRrwAAAAU"]
[Wed Jul 03 00:59:08.398637 2024] [:error] [pid 172172] [client 213.232.87.228:54597] [client 213.232.87.228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYcAAAAAY"]
[Wed Jul 03 00:59:08.399236 2024] [:error] [pid 172172] [client 213.232.87.228:54597] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYcAAAAAY"]
[Wed Jul 03 00:59:08.399532 2024] [:error] [pid 172172] [client 213.232.87.228:54597] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoSGPLnQ6Hj3gbsgZfXYcAAAAAY"]
[Wed Jul 03 00:59:08.401805 2024] [:error] [pid 172173] [client 213.232.87.228:16663] [client 213.232.87.228] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mQAAAAc"]
[Wed Jul 03 00:59:08.402155 2024] [:error] [pid 172173] [client 213.232.87.228:16663] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mQAAAAc"]
[Wed Jul 03 00:59:08.402465 2024] [:error] [pid 172173] [client 213.232.87.228:16663] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoSGPAg4yg-cxaN2E3S_mQAAAAc"]
[Wed Jul 03 00:59:08.503309 2024] [:error] [pid 172790] [client 213.232.87.228:25387] [client 213.232.87.228] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoSGPP4gsg4mWPNAylogMAAAAAE"]
[Wed Jul 03 00:59:08.503613 2024] [:error] [pid 172790] [client 213.232.87.228:25387] [client 213.232.87.228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoSGPP4gsg4mWPNAylogMAAAAAE"]
[Wed Jul 03 00:59:08.503863 2024] [:error] [pid 172790] [client 213.232.87.228:25387] [client 213.232.87.228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoSGPP4gsg4mWPNAylogMAAAAAE"]
[Wed Jul 03 08:59:22.765927 2024] [:error] [pid 180072] [client 179.43.188.122:34804] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoT2yvrJag6DYtsbRZfl6wAAAAc"]
[Wed Jul 03 08:59:22.766615 2024] [:error] [pid 180072] [client 179.43.188.122:34804] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoT2yvrJag6DYtsbRZfl6wAAAAc"]
[Wed Jul 03 08:59:22.767014 2024] [:error] [pid 180072] [client 179.43.188.122:34804] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZoT2yvrJag6DYtsbRZfl6wAAAAc"]
[Wed Jul 03 21:00:51.547397 2024] [:error] [pid 175796] [client 179.43.149.114:38672] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWf4zuNM2Wju_MXTH_sJQAAAAQ"]
[Wed Jul 03 21:00:51.547926 2024] [:error] [pid 175796] [client 179.43.149.114:38672] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWf4zuNM2Wju_MXTH_sJQAAAAQ"]
[Wed Jul 03 21:00:51.548410 2024] [:error] [pid 175796] [client 179.43.149.114:38672] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWf4zuNM2Wju_MXTH_sJQAAAAQ"]
[Wed Jul 03 21:00:51.608037 2024] [:error] [pid 186238] [client 179.43.149.114:38674] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZoWf45cZrGMnDHjsEjDaLgAAAAo"]
[Wed Jul 03 21:00:51.608409 2024] [:error] [pid 186238] [client 179.43.149.114:38674] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZoWf45cZrGMnDHjsEjDaLgAAAAo"]
[Wed Jul 03 21:00:51.608730 2024] [:error] [pid 186238] [client 179.43.149.114:38674] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZoWf45cZrGMnDHjsEjDaLgAAAAo"]
[Wed Jul 03 21:00:51.718939 2024] [:error] [pid 175794] [client 179.43.149.114:38686] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZoWf4_utXFCckQAHmdY9rwAAAAI"]
[Wed Jul 03 21:00:51.719341 2024] [:error] [pid 175794] [client 179.43.149.114:38686] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZoWf4_utXFCckQAHmdY9rwAAAAI"]
[Wed Jul 03 21:00:51.719699 2024] [:error] [pid 175794] [client 179.43.149.114:38686] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZoWf4_utXFCckQAHmdY9rwAAAAI"]
[Wed Jul 03 21:00:51.774635 2024] [:error] [pid 175797] [client 179.43.149.114:38690] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ZoWf46SdEEvMgiwof_cPSgAAAAU"]
[Wed Jul 03 21:00:51.775164 2024] [:error] [pid 175797] [client 179.43.149.114:38690] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ZoWf46SdEEvMgiwof_cPSgAAAAU"]
[Wed Jul 03 21:00:51.775632 2024] [:error] [pid 175797] [client 179.43.149.114:38690] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "ZoWf46SdEEvMgiwof_cPSgAAAAU"]
[Wed Jul 03 21:00:51.821878 2024] [:error] [pid 176836] [client 179.43.149.114:38700] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ZoWf42vNIH31i6uIbc6asQAAAAY"]
[Wed Jul 03 21:00:51.822346 2024] [:error] [pid 176836] [client 179.43.149.114:38700] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ZoWf42vNIH31i6uIbc6asQAAAAY"]
[Wed Jul 03 21:00:51.822831 2024] [:error] [pid 176836] [client 179.43.149.114:38700] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "ZoWf42vNIH31i6uIbc6asQAAAAY"]
[Wed Jul 03 21:00:51.911811 2024] [:error] [pid 175793] [client 179.43.149.114:38710] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ZoWf4-lqIcg4lhRcvIn8NgAAAAE"]
[Wed Jul 03 21:00:51.912318 2024] [:error] [pid 175793] [client 179.43.149.114:38710] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ZoWf4-lqIcg4lhRcvIn8NgAAAAE"]
[Wed Jul 03 21:00:51.912803 2024] [:error] [pid 175793] [client 179.43.149.114:38710] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "ZoWf4-lqIcg4lhRcvIn8NgAAAAE"]
[Wed Jul 03 21:00:52.043454 2024] [:error] [pid 186236] [client 179.43.149.114:38742] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWf5ADCavCpRuvPraVjpAAAAAg"]
[Wed Jul 03 21:00:52.043948 2024] [:error] [pid 186236] [client 179.43.149.114:38742] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWf5ADCavCpRuvPraVjpAAAAAg"]
[Wed Jul 03 21:00:52.044445 2024] [:error] [pid 186236] [client 179.43.149.114:38742] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWf5ADCavCpRuvPraVjpAAAAAg"]
[Wed Jul 03 21:00:52.104355 2024] [:error] [pid 186237] [client 179.43.149.114:38744] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZoWf5GG3GNEjEd5gn8q51gAAAAk"]
[Wed Jul 03 21:00:52.104883 2024] [:error] [pid 186237] [client 179.43.149.114:38744] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZoWf5GG3GNEjEd5gn8q51gAAAAk"]
[Wed Jul 03 21:00:52.105397 2024] [:error] [pid 186237] [client 179.43.149.114:38744] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZoWf5GG3GNEjEd5gn8q51gAAAAk"]
[Wed Jul 03 21:04:31.933120 2024] [:error] [pid 193283] [client 213.232.87.232:45269] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoWgv3uZ3DDj8g5CTyWdHgAAAAw"]
[Wed Jul 03 21:04:31.933873 2024] [:error] [pid 193283] [client 213.232.87.232:45269] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoWgv3uZ3DDj8g5CTyWdHgAAAAw"]
[Wed Jul 03 21:04:31.934273 2024] [:error] [pid 193283] [client 213.232.87.232:45269] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "ZoWgv3uZ3DDj8g5CTyWdHgAAAAw"]
[Wed Jul 03 21:04:31.939779 2024] [:error] [pid 193281] [client 213.232.87.232:34011] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoWgv_QafZJStfF3JCG4ZAAAAAA"]
[Wed Jul 03 21:04:31.940133 2024] [:error] [pid 193281] [client 213.232.87.232:34011] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoWgv_QafZJStfF3JCG4ZAAAAAA"]
[Wed Jul 03 21:04:31.940491 2024] [:error] [pid 193281] [client 213.232.87.232:34011] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoWgv_QafZJStfF3JCG4ZAAAAAA"]
[Wed Jul 03 21:04:31.941261 2024] [:error] [pid 193281] [client 213.232.87.232:34011] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "ZoWgv_QafZJStfF3JCG4ZAAAAAA"]
[Wed Jul 03 21:04:32.037272 2024] [:error] [pid 193282] [client 213.232.87.232:18471] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoWgwJU3POubyhAm_9HUUwAAAAs"]
[Wed Jul 03 21:04:32.037815 2024] [:error] [pid 193282] [client 213.232.87.232:18471] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoWgwJU3POubyhAm_9HUUwAAAAs"]
[Wed Jul 03 21:04:32.038237 2024] [:error] [pid 193282] [client 213.232.87.232:18471] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "ZoWgwJU3POubyhAm_9HUUwAAAAs"]
[Wed Jul 03 21:04:32.041413 2024] [:error] [pid 193283] [client 213.232.87.232:11597] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWgwHuZ3DDj8g5CTyWdHwAAAAw"]
[Wed Jul 03 21:04:32.041660 2024] [:error] [pid 193283] [client 213.232.87.232:11597] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWgwHuZ3DDj8g5CTyWdHwAAAAw"]
[Wed Jul 03 21:04:32.041863 2024] [:error] [pid 193283] [client 213.232.87.232:11597] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZoWgwHuZ3DDj8g5CTyWdHwAAAAw"]
[Wed Jul 03 21:04:32.042414 2024] [:error] [pid 175795] [client 213.232.87.232:39469] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuAAAAAM"]
[Wed Jul 03 21:04:32.042883 2024] [:error] [pid 175795] [client 213.232.87.232:39469] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuAAAAAM"]
[Wed Jul 03 21:04:32.043288 2024] [:error] [pid 175795] [client 213.232.87.232:39469] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuAAAAAM"]
[Wed Jul 03 21:04:32.049497 2024] [:error] [pid 193287] [client 213.232.87.232:36605] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoWgwN2cSMlhlh7DnOvv9AAAABA"]
[Wed Jul 03 21:04:32.049765 2024] [:error] [pid 193287] [client 213.232.87.232:36605] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoWgwN2cSMlhlh7DnOvv9AAAABA"]
[Wed Jul 03 21:04:32.049920 2024] [:error] [pid 193287] [client 213.232.87.232:36605] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "ZoWgwN2cSMlhlh7DnOvv9AAAABA"]
[Wed Jul 03 21:04:32.055381 2024] [:error] [pid 193284] [client 213.232.87.232:48357] [client 213.232.87.232] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoWgwAF2oWEsbP11aYQkrwAAAA0"]
[Wed Jul 03 21:04:32.055540 2024] [:error] [pid 193284] [client 213.232.87.232:48357] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoWgwAF2oWEsbP11aYQkrwAAAA0"]
[Wed Jul 03 21:04:32.055686 2024] [:error] [pid 193284] [client 213.232.87.232:48357] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "ZoWgwAF2oWEsbP11aYQkrwAAAA0"]
[Wed Jul 03 21:04:32.055983 2024] [:error] [pid 180072] [client 213.232.87.232:2725] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoWgwPrJag6DYtsbRZfmFQAAAAc"]
[Wed Jul 03 21:04:32.056194 2024] [:error] [pid 180072] [client 213.232.87.232:2725] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoWgwPrJag6DYtsbRZfmFQAAAAc"]
[Wed Jul 03 21:04:32.056405 2024] [:error] [pid 180072] [client 213.232.87.232:2725] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "ZoWgwPrJag6DYtsbRZfmFQAAAAc"]
[Wed Jul 03 21:04:32.126459 2024] [:error] [pid 193281] [client 213.232.87.232:14973] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoWgwPQafZJStfF3JCG4ZgAAAAA"]
[Wed Jul 03 21:04:32.127195 2024] [:error] [pid 193281] [client 213.232.87.232:14973] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoWgwPQafZJStfF3JCG4ZgAAAAA"]
[Wed Jul 03 21:04:32.127604 2024] [:error] [pid 193281] [client 213.232.87.232:14973] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "ZoWgwPQafZJStfF3JCG4ZgAAAAA"]
[Wed Jul 03 21:04:32.137153 2024] [authz_core:error] [pid 193282] [client 213.232.87.232:28015] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Wed Jul 03 21:04:32.147211 2024] [:error] [pid 175795] [client 213.232.87.232:36185] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuQAAAAM"]
[Wed Jul 03 21:04:32.147596 2024] [:error] [pid 175795] [client 213.232.87.232:36185] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuQAAAAM"]
[Wed Jul 03 21:04:32.147597 2024] [:error] [pid 193285] [client 213.232.87.232:44725] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoWgwEGXvb-mMxtARta9lgAAAA4"]
[Wed Jul 03 21:04:32.147866 2024] [:error] [pid 193285] [client 213.232.87.232:44725] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoWgwEGXvb-mMxtARta9lgAAAA4"]
[Wed Jul 03 21:04:32.147883 2024] [:error] [pid 175795] [client 213.232.87.232:36185] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuQAAAAM"]
[Wed Jul 03 21:04:32.148074 2024] [:error] [pid 193285] [client 213.232.87.232:44725] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZoWgwEGXvb-mMxtARta9lgAAAA4"]
[Wed Jul 03 21:04:32.148135 2024] [:error] [pid 175795] [client 213.232.87.232:36185] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "ZoWgwCU1zR7h-N8gLwkyuQAAAAM"]
[Wed Jul 03 21:04:32.148734 2024] [:error] [pid 193286] [client 213.232.87.232:47593] [client 213.232.87.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWgwOTsELWdno8uffUSvwAAAA8"]
[Wed Jul 03 21:04:32.148982 2024] [:error] [pid 193286] [client 213.232.87.232:47593] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWgwOTsELWdno8uffUSvwAAAA8"]
[Wed Jul 03 21:04:32.149212 2024] [:error] [pid 193286] [client 213.232.87.232:47593] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZoWgwOTsELWdno8uffUSvwAAAA8"]
[Wed Jul 03 21:04:32.154379 2024] [:error] [pid 193329] [client 213.232.87.232:27443] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoWgwEjtJT3KesisB6wYlAAAAAE"]
[Wed Jul 03 21:04:32.154719 2024] [:error] [pid 193329] [client 213.232.87.232:27443] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoWgwEjtJT3KesisB6wYlAAAAAE"]
[Wed Jul 03 21:04:32.154928 2024] [:error] [pid 193329] [client 213.232.87.232:27443] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "ZoWgwEjtJT3KesisB6wYlAAAAAE"]
[Wed Jul 03 21:04:32.222782 2024] [:error] [pid 193281] [client 213.232.87.232:52127] [client 213.232.87.232] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoWgwPQafZJStfF3JCG4ZwAAAAA"]
[Wed Jul 03 21:04:32.223539 2024] [:error] [pid 193281] [client 213.232.87.232:52127] [client 213.232.87.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoWgwPQafZJStfF3JCG4ZwAAAAA"]
[Wed Jul 03 21:04:32.223899 2024] [:error] [pid 193281] [client 213.232.87.232:52127] [client 213.232.87.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "ZoWgwPQafZJStfF3JCG4ZwAAAAA"]
[Fri Jul 05 21:12:38.133144 2024] [:error] [pid 220519] [client 45.148.10.230:41812] [client 45.148.10.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZohFpsDUgyflA4UkJFVwjwAAAAU"]
[Fri Jul 05 21:12:38.133905 2024] [:error] [pid 220519] [client 45.148.10.230:41812] [client 45.148.10.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZohFpsDUgyflA4UkJFVwjwAAAAU"]
[Fri Jul 05 21:12:38.134356 2024] [:error] [pid 220519] [client 45.148.10.230:41812] [client 45.148.10.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZohFpsDUgyflA4UkJFVwjwAAAAU"]
[Mon Jul 08 20:09:46.883955 2024] [:error] [pid 286285] [client 179.43.188.122:37130] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zowrajwn1f4ZGxotcdmF0QAAAAM"]
[Mon Jul 08 20:09:46.885735 2024] [:error] [pid 286285] [client 179.43.188.122:37130] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zowrajwn1f4ZGxotcdmF0QAAAAM"]
[Mon Jul 08 20:09:46.886248 2024] [:error] [pid 286285] [client 179.43.188.122:37130] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zowrajwn1f4ZGxotcdmF0QAAAAM"]
[Tue Jul 09 10:23:15.239233 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /var/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/var/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcgAAAAM"]
[Tue Jul 09 10:23:15.242393 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcgAAAAM"]
[Tue Jul 09 10:23:15.242720 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcgAAAAM"]
[Tue Jul 09 10:23:15.240454 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMAAAAAI"]
[Tue Jul 09 10:23:15.243826 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMAAAAAI"]
[Tue Jul 09 10:23:15.243863 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /back/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCgAAAAU"]
[Tue Jul 09 10:23:15.244144 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMAAAAAI"]
[Tue Jul 09 10:23:15.244398 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCgAAAAU"]
[Tue Jul 09 10:23:15.241897 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /home/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1AAAAAQ"]
[Tue Jul 09 10:23:15.245126 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1AAAAAQ"]
[Tue Jul 09 10:23:15.245418 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1AAAAAQ"]
[Tue Jul 09 10:23:15.247560 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbawAAAAc"]
[Tue Jul 09 10:23:15.247650 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjQAAAAA"]
[Tue Jul 09 10:23:15.247970 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjQAAAAA"]
[Tue Jul 09 10:23:15.248085 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbawAAAAc"]
[Tue Jul 09 10:23:15.248265 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjQAAAAA"]
[Tue Jul 09 10:23:15.248426 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbawAAAAc"]
[Tue Jul 09 10:23:15.248846 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXgAAAAE"]
[Tue Jul 09 10:23:15.249010 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXgAAAAE"]
[Tue Jul 09 10:23:15.249187 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXgAAAAE"]
[Tue Jul 09 10:23:15.249214 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQgwAAAAY"]
[Tue Jul 09 10:23:15.249369 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCgAAAAU"]
[Tue Jul 09 10:23:15.249436 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQgwAAAAY"]
[Tue Jul 09 10:23:15.249640 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQgwAAAAY"]
[Tue Jul 09 10:23:15.341775 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcwAAAAM"]
[Tue Jul 09 10:23:15.342062 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcwAAAAM"]
[Tue Jul 09 10:23:15.342297 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgcwAAAAM"]
[Tue Jul 09 10:23:15.343686 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMQAAAAI"]
[Tue Jul 09 10:23:15.343879 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMQAAAAI"]
[Tue Jul 09 10:23:15.344043 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMQAAAAI"]
[Tue Jul 09 10:23:15.345255 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /www/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1QAAAAQ"]
[Tue Jul 09 10:23:15.345409 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1QAAAAQ"]
[Tue Jul 09 10:23:15.345568 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1QAAAAQ"]
[Tue Jul 09 10:23:15.347096 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /http/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbAAAAAc"]
[Tue Jul 09 10:23:15.347250 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbAAAAAc"]
[Tue Jul 09 10:23:15.347426 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbAAAAAc"]
[Tue Jul 09 10:23:15.348548 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /htdocs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXwAAAAE"]
[Tue Jul 09 10:23:15.348729 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXwAAAAE"]
[Tue Jul 09 10:23:15.348762 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhAAAAAY"]
[Tue Jul 09 10:23:15.348885 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKXwAAAAE"]
[Tue Jul 09 10:23:15.348922 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhAAAAAY"]
[Tue Jul 09 10:23:15.349090 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhAAAAAY"]
[Tue Jul 09 10:23:15.349994 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /assets/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCwAAAAU"]
[Tue Jul 09 10:23:15.350142 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCwAAAAU"]
[Tue Jul 09 10:23:15.350175 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjgAAAAA"]
[Tue Jul 09 10:23:15.350298 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpCwAAAAU"]
[Tue Jul 09 10:23:15.350323 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjgAAAAA"]
[Tue Jul 09 10:23:15.350479 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjgAAAAA"]
[Tue Jul 09 10:23:15.444778 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMgAAAAI"]
[Tue Jul 09 10:23:15.445304 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMgAAAAI"]
[Tue Jul 09 10:23:15.445949 2024] [:error] [pid 309697] [client 83.147.52.49:48212] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZozzcxOpy1jxymUNQh4DMgAAAAI"]
[Tue Jul 09 10:23:15.446207 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /css/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1gAAAAQ"]
[Tue Jul 09 10:23:15.446514 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1gAAAAQ"]
[Tue Jul 09 10:23:15.446821 2024] [:error] [pid 309699] [client 83.147.52.49:48118] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.git/config"] [unique_id "Zozzc6Qq4ckNRxaGPPIH1gAAAAQ"]
[Tue Jul 09 10:23:15.448447 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhQAAAAY"]
[Tue Jul 09 10:23:15.448737 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhQAAAAY"]
[Tue Jul 09 10:23:15.449002 2024] [:error] [pid 313441] [client 83.147.52.49:48160] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Zozzc4A2vJIlvyCIAtFQhQAAAAY"]
[Tue Jul 09 10:23:15.449891 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgdAAAAAM"]
[Tue Jul 09 10:23:15.450141 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgdAAAAAM"]
[Tue Jul 09 10:23:15.450409 2024] [:error] [pid 309698] [client 83.147.52.49:48226] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZozzcztIFtivjnrxdzEgdAAAAAM"]
[Tue Jul 09 10:23:15.452992 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /index/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/index.html/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjwAAAAA"]
[Tue Jul 09 10:23:15.453177 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/index.html/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjwAAAAA"]
[Tue Jul 09 10:23:15.453368 2024] [:error] [pid 309695] [client 83.147.52.49:48192] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/index.html/.git/config"] [unique_id "Zozzc52OIe3M2j2NoFsCjwAAAAA"]
[Tue Jul 09 10:23:15.454179 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /login/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpDAAAAAU"]
[Tue Jul 09 10:23:15.454437 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpDAAAAAU"]
[Tue Jul 09 10:23:15.454506 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKYAAAAAE"]
[Tue Jul 09 10:23:15.454684 2024] [:error] [pid 309700] [client 83.147.52.49:48150] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.git/config"] [unique_id "Zozzc-LMDwIajEb4yjnpDAAAAAU"]
[Tue Jul 09 10:23:15.454707 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKYAAAAAE"]
[Tue Jul 09 10:23:15.454900 2024] [:error] [pid 309696] [client 83.147.52.49:48178] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Zozzc0kXXWIKmMqU1KDKYAAAAAE"]
[Tue Jul 09 10:23:15.456407 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbQAAAAc"]
[Tue Jul 09 10:23:15.456684 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbQAAAAc"]
[Tue Jul 09 10:23:15.456924 2024] [:error] [pid 314410] [client 83.147.52.49:48162] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Zozzc1dddELZEc5T3XtbbQAAAAc"]
[Sun Jul 14 02:23:09.392262 2024] [:error] [pid 431713] [client 45.148.10.230:51396] [client 45.148.10.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZpMabZagZXpOsbhLlOQMRAAAAAA"]
[Sun Jul 14 02:23:09.394412 2024] [:error] [pid 431713] [client 45.148.10.230:51396] [client 45.148.10.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZpMabZagZXpOsbhLlOQMRAAAAAA"]
[Sun Jul 14 02:23:09.394857 2024] [:error] [pid 431713] [client 45.148.10.230:51396] [client 45.148.10.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZpMabZagZXpOsbhLlOQMRAAAAAA"]
[Sat Jul 20 19:42:05.638090 2024] [:error] [pid 572291] [client 45.148.10.230:43600] [client 45.148.10.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zpv27QecEnNtiQht0MFzjQAAAAA"]
[Sat Jul 20 19:42:05.640703 2024] [:error] [pid 572291] [client 45.148.10.230:43600] [client 45.148.10.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zpv27QecEnNtiQht0MFzjQAAAAA"]
[Sat Jul 20 19:42:05.641184 2024] [:error] [pid 572291] [client 45.148.10.230:43600] [client 45.148.10.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zpv27QecEnNtiQht0MFzjQAAAAA"]
[Thu Aug 08 16:42:15.632074 2024] [:error] [pid 1015471] [client 45.148.10.59:50610] [client 45.148.10.59] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrTZR9wBdVKHI0Fe6mJT_AAAAAI"]
[Thu Aug 08 16:42:15.633895 2024] [:error] [pid 1015471] [client 45.148.10.59:50610] [client 45.148.10.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrTZR9wBdVKHI0Fe6mJT_AAAAAI"]
[Thu Aug 08 16:42:15.634086 2024] [:error] [pid 1015471] [client 45.148.10.59:50610] [client 45.148.10.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZrTZR9wBdVKHI0Fe6mJT_AAAAAI"]
[Sun Aug 11 02:33:58.914946 2024] [:error] [pid 1091701] [client 45.148.10.142:58510] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrgG9lkjVI3jtUjkNPjniAAAAAE"]
[Sun Aug 11 02:33:58.916981 2024] [:error] [pid 1091701] [client 45.148.10.142:58510] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrgG9lkjVI3jtUjkNPjniAAAAAE"]
[Sun Aug 11 02:33:58.917158 2024] [:error] [pid 1091701] [client 45.148.10.142:58510] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrgG9lkjVI3jtUjkNPjniAAAAAE"]
[Sun Aug 11 16:46:27.858512 2024] [:error] [pid 1096821] [client 83.147.52.49:50984] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrjOw6DBjT3wTTtsv8ZIigAAAAs"]
[Sun Aug 11 16:46:27.858772 2024] [:error] [pid 1096821] [client 83.147.52.49:50984] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrjOw6DBjT3wTTtsv8ZIigAAAAs"]
[Sun Aug 11 16:46:27.858951 2024] [:error] [pid 1096821] [client 83.147.52.49:50984] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZrjOw6DBjT3wTTtsv8ZIigAAAAs"]
[Sun Aug 11 16:46:27.862600 2024] [:error] [pid 1096123] [client 83.147.52.49:51000] [client 83.147.52.49] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "ZrjOwzVDwua2QAlUOKTHKQAAAAY"]
[Sun Aug 11 16:46:27.862770 2024] [:error] [pid 1096123] [client 83.147.52.49:51000] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "ZrjOwzVDwua2QAlUOKTHKQAAAAY"]
[Sun Aug 11 16:46:27.862924 2024] [:error] [pid 1096123] [client 83.147.52.49:51000] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "ZrjOwzVDwua2QAlUOKTHKQAAAAY"]
[Sun Aug 11 16:46:27.872247 2024] [:error] [pid 1096832] [client 83.147.52.49:51024] [client 83.147.52.49] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrjOw6OYJ5TK5ybVktmoDgAAAAQ"]
[Sun Aug 11 16:46:27.872393 2024] [:error] [pid 1096832] [client 83.147.52.49:51024] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrjOw6OYJ5TK5ybVktmoDgAAAAQ"]
[Sun Aug 11 16:46:27.872537 2024] [:error] [pid 1096832] [client 83.147.52.49:51024] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZrjOw6OYJ5TK5ybVktmoDgAAAAQ"]
[Sun Aug 11 16:46:27.966482 2024] [:error] [pid 1095404] [client 83.147.52.49:51016] [client 83.147.52.49] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrjOw_W2jbWtubDNbG1heAAAAAA"]
[Sun Aug 11 16:46:27.966695 2024] [:error] [pid 1095404] [client 83.147.52.49:51016] [client 83.147.52.49] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrjOw_W2jbWtubDNbG1heAAAAAA"]
[Sun Aug 11 16:46:27.966869 2024] [:error] [pid 1095404] [client 83.147.52.49:51016] [client 83.147.52.49] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZrjOw_W2jbWtubDNbG1heAAAAAA"]
[Tue Aug 20 11:19:24.364118 2024] [:error] [pid 1322098] [client 45.148.10.142:58238] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsRfnLfFEDrKhcp2X3hLmAAAAAo"]
[Tue Aug 20 11:19:24.366064 2024] [:error] [pid 1322098] [client 45.148.10.142:58238] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsRfnLfFEDrKhcp2X3hLmAAAAAo"]
[Tue Aug 20 11:19:24.366239 2024] [:error] [pid 1322098] [client 45.148.10.142:58238] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZsRfnLfFEDrKhcp2X3hLmAAAAAo"]
[Sun Aug 25 05:18:27.353851 2024] [:error] [pid 1441359] [client 45.148.10.142:58730] [client 45.148.10.142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zsqig56ldaQBUd6B7XURwwAAAAU"]
[Sun Aug 25 05:18:27.355017 2024] [:error] [pid 1441359] [client 45.148.10.142:58730] [client 45.148.10.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zsqig56ldaQBUd6B7XURwwAAAAU"]
[Sun Aug 25 05:18:27.355198 2024] [:error] [pid 1441359] [client 45.148.10.142:58730] [client 45.148.10.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zsqig56ldaQBUd6B7XURwwAAAAU"]
[Sat Aug 31 21:03:33.817341 2024] [authz_core:error] [pid 1595161] [client 64.225.75.246:56932] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sat Aug 31 21:03:34.788030 2024] [:error] [pid 1595135] [client 64.225.75.246:56958] [client 64.225.75.246] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZtNpBkNsH6Ul5QWR8qVDGwAAAAM"]
[Sat Aug 31 21:03:34.788256 2024] [:error] [pid 1595135] [client 64.225.75.246:56958] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZtNpBkNsH6Ul5QWR8qVDGwAAAAM"]
[Sat Aug 31 21:03:34.788460 2024] [:error] [pid 1595135] [client 64.225.75.246:56958] [client 64.225.75.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZtNpBkNsH6Ul5QWR8qVDGwAAAAM"]
[Sat Aug 31 21:03:34.881674 2024] [:error] [pid 1595162] [client 64.225.75.246:56964] [client 64.225.75.246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtNpBimykplp8bI5SmVrUAAAAAQ"]
[Sat Aug 31 21:03:34.881934 2024] [:error] [pid 1595162] [client 64.225.75.246:56964] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtNpBimykplp8bI5SmVrUAAAAAQ"]
[Sat Aug 31 21:03:34.882139 2024] [:error] [pid 1595162] [client 64.225.75.246:56964] [client 64.225.75.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtNpBimykplp8bI5SmVrUAAAAAQ"]
[Sat Aug 31 21:03:34.987250 2024] [:error] [pid 1595133] [client 64.225.75.246:56966] [client 64.225.75.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtNpBtgfc3RepCeUzd1y6wAAAAo"]
[Sat Aug 31 21:03:34.987473 2024] [:error] [pid 1595133] [client 64.225.75.246:56966] [client 64.225.75.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtNpBtgfc3RepCeUzd1y6wAAAAo"]
[Sat Aug 31 21:03:34.987650 2024] [:error] [pid 1595133] [client 64.225.75.246:56966] [client 64.225.75.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtNpBtgfc3RepCeUzd1y6wAAAAo"]
[Mon Sep 02 05:20:11.567719 2024] [:error] [pid 1622514] [client 195.178.110.35:44536] [client 195.178.110.35] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtUu61PEwbU3AgrFpXLh3AAAAAQ"]
[Mon Sep 02 05:20:11.567961 2024] [:error] [pid 1622514] [client 195.178.110.35:44536] [client 195.178.110.35] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtUu61PEwbU3AgrFpXLh3AAAAAQ"]
[Mon Sep 02 05:20:11.568136 2024] [:error] [pid 1622514] [client 195.178.110.35:44536] [client 195.178.110.35] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtUu61PEwbU3AgrFpXLh3AAAAAQ"]
[Mon Sep 02 07:03:06.348965 2024] [:error] [pid 1622516] [client 179.43.149.114:57154] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtVHCu6vGFRXcjrrrpT-vgAAAAU"]
[Mon Sep 02 07:03:06.349225 2024] [:error] [pid 1622516] [client 179.43.149.114:57154] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtVHCu6vGFRXcjrrrpT-vgAAAAU"]
[Mon Sep 02 07:03:06.349389 2024] [:error] [pid 1622516] [client 179.43.149.114:57154] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtVHCu6vGFRXcjrrrpT-vgAAAAU"]
[Mon Sep 02 07:03:06.392746 2024] [:error] [pid 1622511] [client 179.43.149.114:57166] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "ZtVHCh9Opdfq8zuVfMZmowAAAAE"]
[Mon Sep 02 07:03:06.392969 2024] [:error] [pid 1622511] [client 179.43.149.114:57166] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "ZtVHCh9Opdfq8zuVfMZmowAAAAE"]
[Mon Sep 02 07:03:06.393133 2024] [:error] [pid 1622511] [client 179.43.149.114:57166] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "ZtVHCh9Opdfq8zuVfMZmowAAAAE"]
[Mon Sep 02 07:03:06.427129 2024] [:error] [pid 1623175] [client 179.43.149.114:57172] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZtVHCoaaXDnf4BvsXx326gAAAAg"]
[Mon Sep 02 07:03:06.427351 2024] [:error] [pid 1623175] [client 179.43.149.114:57172] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZtVHCoaaXDnf4BvsXx326gAAAAg"]
[Mon Sep 02 07:03:06.427521 2024] [:error] [pid 1623175] [client 179.43.149.114:57172] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZtVHCoaaXDnf4BvsXx326gAAAAg"]
[Mon Sep 02 07:03:06.461834 2024] [:error] [pid 1623168] [client 179.43.149.114:57186] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtVHCpuKmSf7Wo3EornBDAAAAAY"]
[Mon Sep 02 07:03:06.462062 2024] [:error] [pid 1623168] [client 179.43.149.114:57186] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtVHCpuKmSf7Wo3EornBDAAAAAY"]
[Mon Sep 02 07:03:06.462266 2024] [:error] [pid 1623168] [client 179.43.149.114:57186] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtVHCpuKmSf7Wo3EornBDAAAAAY"]
[Mon Sep 02 07:03:06.529070 2024] [:error] [pid 1622510] [client 179.43.149.114:57210] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZtVHCghQpUhQPAF6tQSnUAAAAAA"]
[Mon Sep 02 07:03:06.529293 2024] [:error] [pid 1622510] [client 179.43.149.114:57210] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZtVHCghQpUhQPAF6tQSnUAAAAAA"]
[Mon Sep 02 07:03:06.529482 2024] [:error] [pid 1622510] [client 179.43.149.114:57210] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZtVHCghQpUhQPAF6tQSnUAAAAAA"]
[Mon Sep 02 11:15:10.243945 2024] [:error] [pid 1622514] [client 179.43.149.114:51162] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtWCHlPEwbU3AgrFpXLh_AAAAAQ"]
[Mon Sep 02 11:15:10.244189 2024] [:error] [pid 1622514] [client 179.43.149.114:51162] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtWCHlPEwbU3AgrFpXLh_AAAAAQ"]
[Mon Sep 02 11:15:10.244381 2024] [:error] [pid 1622514] [client 179.43.149.114:51162] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_exemple"] [unique_id "ZtWCHlPEwbU3AgrFpXLh_AAAAAQ"]
[Tue Sep 03 07:40:36.769459 2024] [:error] [pid 1643798] [client 88.173.222.130:6414] [client 88.173.222.130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtahVDpsPEh9260A3eJj5AAAAAA"]
[Tue Sep 03 07:40:36.770198 2024] [:error] [pid 1643798] [client 88.173.222.130:6414] [client 88.173.222.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtahVDpsPEh9260A3eJj5AAAAAA"]
[Tue Sep 03 07:40:36.770843 2024] [:error] [pid 1643798] [client 88.173.222.130:6414] [client 88.173.222.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtahVDpsPEh9260A3eJj5AAAAAA"]
[Wed Sep 04 15:26:28.511509 2024] [:error] [pid 1668041] [client 45.135.232.70:53144] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTRwAAAAQ"]
[Wed Sep 04 15:26:28.511949 2024] [:error] [pid 1668041] [client 45.135.232.70:53144] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTRwAAAAQ"]
[Wed Sep 04 15:26:28.512208 2024] [:error] [pid 1668041] [client 45.135.232.70:53144] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTRwAAAAQ"]
[Wed Sep 04 15:26:28.518198 2024] [:error] [pid 1668042] [client 45.135.232.70:53150] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzygAAAAU"]
[Wed Sep 04 15:26:28.518827 2024] [:error] [pid 1668042] [client 45.135.232.70:53150] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzygAAAAU"]
[Wed Sep 04 15:26:28.519271 2024] [:error] [pid 1668042] [client 45.135.232.70:53150] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzygAAAAU"]
[Wed Sep 04 15:26:28.532052 2024] [:error] [pid 1668037] [client 45.135.232.70:53160] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_yowAAAAA"]
[Wed Sep 04 15:26:28.532467 2024] [:error] [pid 1668037] [client 45.135.232.70:53160] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_yowAAAAA"]
[Wed Sep 04 15:26:28.532680 2024] [:error] [pid 1668037] [client 45.135.232.70:53160] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_yowAAAAA"]
[Wed Sep 04 15:26:28.534843 2024] [:error] [pid 1669687] [client 45.135.232.70:53192] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDAAAAAc"]
[Wed Sep 04 15:26:28.535118 2024] [:error] [pid 1669687] [client 45.135.232.70:53192] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDAAAAAc"]
[Wed Sep 04 15:26:28.535328 2024] [:error] [pid 1669687] [client 45.135.232.70:53192] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDAAAAAc"]
[Wed Sep 04 15:26:28.536069 2024] [:error] [pid 1668040] [client 45.135.232.70:53218] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFLwAAAAM"]
[Wed Sep 04 15:26:28.536649 2024] [:error] [pid 1668040] [client 45.135.232.70:53218] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFLwAAAAM"]
[Wed Sep 04 15:26:28.537047 2024] [:error] [pid 1668040] [client 45.135.232.70:53218] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFLwAAAAM"]
[Wed Sep 04 15:26:28.546735 2024] [:error] [pid 1668038] [client 45.135.232.70:53278] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruAAAAAE"]
[Wed Sep 04 15:26:28.546935 2024] [:error] [pid 1669081] [client 45.135.232.70:53176] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IgAAAAY"]
[Wed Sep 04 15:26:28.547080 2024] [:error] [pid 1668038] [client 45.135.232.70:53278] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruAAAAAE"]
[Wed Sep 04 15:26:28.547311 2024] [:error] [pid 1668038] [client 45.135.232.70:53278] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruAAAAAE"]
[Wed Sep 04 15:26:28.547508 2024] [:error] [pid 1669081] [client 45.135.232.70:53176] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IgAAAAY"]
[Wed Sep 04 15:26:28.547911 2024] [:error] [pid 1669081] [client 45.135.232.70:53176] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IgAAAAY"]
[Wed Sep 04 15:26:28.549218 2024] [:error] [pid 1668039] [client 45.135.232.70:53248] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6YwAAAAI"]
[Wed Sep 04 15:26:28.549477 2024] [:error] [pid 1668039] [client 45.135.232.70:53248] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6YwAAAAI"]
[Wed Sep 04 15:26:28.549681 2024] [:error] [pid 1668039] [client 45.135.232.70:53248] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6YwAAAAI"]
[Wed Sep 04 15:26:28.611968 2024] [:error] [pid 1668041] [client 45.135.232.70:53342] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSAAAAAQ"]
[Wed Sep 04 15:26:28.612468 2024] [:error] [pid 1668041] [client 45.135.232.70:53342] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSAAAAAQ"]
[Wed Sep 04 15:26:28.612925 2024] [:error] [pid 1668041] [client 45.135.232.70:53342] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSAAAAAQ"]
[Wed Sep 04 15:26:28.615734 2024] [:error] [pid 1668042] [client 45.135.232.70:53288] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzywAAAAU"]
[Wed Sep 04 15:26:28.616325 2024] [:error] [pid 1668042] [client 45.135.232.70:53288] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzywAAAAU"]
[Wed Sep 04 15:26:28.616812 2024] [:error] [pid 1668042] [client 45.135.232.70:53288] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzywAAAAU"]
[Wed Sep 04 15:26:28.631376 2024] [:error] [pid 1668037] [client 45.135.232.70:53332] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypAAAAAA"]
[Wed Sep 04 15:26:28.631897 2024] [:error] [pid 1668037] [client 45.135.232.70:53332] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypAAAAAA"]
[Wed Sep 04 15:26:28.632303 2024] [:error] [pid 1668037] [client 45.135.232.70:53332] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypAAAAAA"]
[Wed Sep 04 15:26:28.636849 2024] [:error] [pid 1669687] [client 45.135.232.70:53304] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDQAAAAc"]
[Wed Sep 04 15:26:28.637317 2024] [:error] [pid 1669687] [client 45.135.232.70:53304] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDQAAAAc"]
[Wed Sep 04 15:26:28.637653 2024] [:error] [pid 1669687] [client 45.135.232.70:53304] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDQAAAAc"]
[Wed Sep 04 15:26:28.643027 2024] [:error] [pid 1668040] [client 45.135.232.70:53206] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMAAAAAM"]
[Wed Sep 04 15:26:28.643618 2024] [:error] [pid 1668040] [client 45.135.232.70:53206] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMAAAAAM"]
[Wed Sep 04 15:26:28.644037 2024] [:error] [pid 1668040] [client 45.135.232.70:53206] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMAAAAAM"]
[Wed Sep 04 15:26:28.657271 2024] [:error] [pid 1668038] [client 45.135.232.70:53228] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruQAAAAE"]
[Wed Sep 04 15:26:28.657726 2024] [:error] [pid 1668038] [client 45.135.232.70:53228] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruQAAAAE"]
[Wed Sep 04 15:26:28.658103 2024] [:error] [pid 1668038] [client 45.135.232.70:53228] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruQAAAAE"]
[Wed Sep 04 15:26:28.660179 2024] [:error] [pid 1668039] [client 45.135.232.70:53260] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /includes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZAAAAAI"]
[Wed Sep 04 15:26:28.660334 2024] [:error] [pid 1669081] [client 45.135.232.70:53236] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IwAAAAY"]
[Wed Sep 04 15:26:28.660581 2024] [:error] [pid 1668039] [client 45.135.232.70:53260] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZAAAAAI"]
[Wed Sep 04 15:26:28.660800 2024] [:error] [pid 1669081] [client 45.135.232.70:53236] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IwAAAAY"]
[Wed Sep 04 15:26:28.661019 2024] [:error] [pid 1668039] [client 45.135.232.70:53260] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZAAAAAI"]
[Wed Sep 04 15:26:28.661183 2024] [:error] [pid 1669081] [client 45.135.232.70:53236] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-IwAAAAY"]
[Wed Sep 04 15:26:28.721612 2024] [:error] [pid 1668042] [client 45.135.232.70:53314] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzAAAAAU"]
[Wed Sep 04 15:26:28.722477 2024] [:error] [pid 1668041] [client 45.135.232.70:53262] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSQAAAAQ"]
[Wed Sep 04 15:26:28.723127 2024] [:error] [pid 1668041] [client 45.135.232.70:53262] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSQAAAAQ"]
[Wed Sep 04 15:26:28.723292 2024] [:error] [pid 1668042] [client 45.135.232.70:53314] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzAAAAAU"]
[Wed Sep 04 15:26:28.723576 2024] [:error] [pid 1668041] [client 45.135.232.70:53262] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSQAAAAQ"]
[Wed Sep 04 15:26:28.723620 2024] [:error] [pid 1668042] [client 45.135.232.70:53314] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzAAAAAU"]
[Wed Sep 04 15:26:28.739820 2024] [:error] [pid 1668037] [client 45.135.232.70:53282] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypQAAAAA"]
[Wed Sep 04 15:26:28.740250 2024] [:error] [pid 1668037] [client 45.135.232.70:53282] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypQAAAAA"]
[Wed Sep 04 15:26:28.740549 2024] [:error] [pid 1668037] [client 45.135.232.70:53282] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypQAAAAA"]
[Wed Sep 04 15:26:28.747531 2024] [:error] [pid 1669687] [client 45.135.232.70:53344] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDgAAAAc"]
[Wed Sep 04 15:26:28.748080 2024] [:error] [pid 1669687] [client 45.135.232.70:53344] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDgAAAAc"]
[Wed Sep 04 15:26:28.748513 2024] [:error] [pid 1669687] [client 45.135.232.70:53344] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDgAAAAc"]
[Wed Sep 04 15:26:28.760195 2024] [:error] [pid 1668040] [client 45.135.232.70:53318] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMQAAAAM"]
[Wed Sep 04 15:26:28.760555 2024] [:error] [pid 1668040] [client 45.135.232.70:53318] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMQAAAAM"]
[Wed Sep 04 15:26:28.760845 2024] [:error] [pid 1668040] [client 45.135.232.70:53318] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMQAAAAM"]
[Wed Sep 04 15:26:28.777723 2024] [:error] [pid 1668039] [client 45.135.232.70:53370] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZQAAAAI"]
[Wed Sep 04 15:26:28.778470 2024] [:error] [pid 1668039] [client 45.135.232.70:53370] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZQAAAAI"]
[Wed Sep 04 15:26:28.779601 2024] [:error] [pid 1668038] [client 45.135.232.70:53354] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCrugAAAAE"]
[Wed Sep 04 15:26:28.779996 2024] [:error] [pid 1668038] [client 45.135.232.70:53354] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCrugAAAAE"]
[Wed Sep 04 15:26:28.780381 2024] [:error] [pid 1668038] [client 45.135.232.70:53354] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCrugAAAAE"]
[Wed Sep 04 15:26:28.780975 2024] [:error] [pid 1668039] [client 45.135.232.70:53370] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZQAAAAI"]
[Wed Sep 04 15:26:28.783334 2024] [:error] [pid 1669081] [client 45.135.232.70:53382] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JAAAAAY"]
[Wed Sep 04 15:26:28.783691 2024] [:error] [pid 1669081] [client 45.135.232.70:53382] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JAAAAAY"]
[Wed Sep 04 15:26:28.783858 2024] [:error] [pid 1669081] [client 45.135.232.70:53382] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JAAAAAY"]
[Wed Sep 04 15:26:28.839739 2024] [:error] [pid 1668042] [client 45.135.232.70:53384] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzQAAAAU"]
[Wed Sep 04 15:26:28.843145 2024] [:error] [pid 1668041] [client 45.135.232.70:53378] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSgAAAAQ"]
[Wed Sep 04 15:26:28.843721 2024] [:error] [pid 1668041] [client 45.135.232.70:53378] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSgAAAAQ"]
[Wed Sep 04 15:26:28.844132 2024] [:error] [pid 1668041] [client 45.135.232.70:53378] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSgAAAAQ"]
[Wed Sep 04 15:26:28.844973 2024] [:error] [pid 1668042] [client 45.135.232.70:53384] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzQAAAAU"]
[Wed Sep 04 15:26:28.845172 2024] [:error] [pid 1668042] [client 45.135.232.70:53384] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzQAAAAU"]
[Wed Sep 04 15:26:28.851026 2024] [:error] [pid 1668037] [client 45.135.232.70:53404] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypgAAAAA"]
[Wed Sep 04 15:26:28.851662 2024] [:error] [pid 1668037] [client 45.135.232.70:53404] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypgAAAAA"]
[Wed Sep 04 15:26:28.852092 2024] [:error] [pid 1668037] [client 45.135.232.70:53404] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypgAAAAA"]
[Wed Sep 04 15:26:28.859528 2024] [:error] [pid 1669687] [client 45.135.232.70:53414] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDwAAAAc"]
[Wed Sep 04 15:26:28.859887 2024] [:error] [pid 1669687] [client 45.135.232.70:53414] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDwAAAAc"]
[Wed Sep 04 15:26:28.860197 2024] [:error] [pid 1669687] [client 45.135.232.70:53414] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVRDwAAAAc"]
[Wed Sep 04 15:26:28.876228 2024] [:error] [pid 1668040] [client 45.135.232.70:53392] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMgAAAAM"]
[Wed Sep 04 15:26:28.876804 2024] [:error] [pid 1668040] [client 45.135.232.70:53392] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMgAAAAM"]
[Wed Sep 04 15:26:28.877410 2024] [:error] [pid 1668040] [client 45.135.232.70:53392] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMgAAAAM"]
[Wed Sep 04 15:26:28.883368 2024] [:error] [pid 1668039] [client 45.135.232.70:53460] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZgAAAAI"]
[Wed Sep 04 15:26:28.883966 2024] [:error] [pid 1668039] [client 45.135.232.70:53460] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZgAAAAI"]
[Wed Sep 04 15:26:28.884464 2024] [:error] [pid 1668039] [client 45.135.232.70:53460] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZgAAAAI"]
[Wed Sep 04 15:26:28.890205 2024] [:error] [pid 1669081] [client 45.135.232.70:53424] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JQAAAAY"]
[Wed Sep 04 15:26:28.890599 2024] [:error] [pid 1669081] [client 45.135.232.70:53424] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JQAAAAY"]
[Wed Sep 04 15:26:28.890917 2024] [:error] [pid 1669081] [client 45.135.232.70:53424] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "ZthgBBgJ4MEPOnpEXQ6-JQAAAAY"]
[Wed Sep 04 15:26:28.897648 2024] [:error] [pid 1668038] [client 45.135.232.70:53440] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruwAAAAE"]
[Wed Sep 04 15:26:28.898059 2024] [:error] [pid 1668038] [client 45.135.232.70:53440] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruwAAAAE"]
[Wed Sep 04 15:26:28.898401 2024] [:error] [pid 1668038] [client 45.135.232.70:53440] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "ZthgBD3fPta-nmxGgwCruwAAAAE"]
[Wed Sep 04 15:26:28.945622 2024] [:error] [pid 1668042] [client 45.135.232.70:53484] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzgAAAAU"]
[Wed Sep 04 15:26:28.946392 2024] [:error] [pid 1668042] [client 45.135.232.70:53484] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzgAAAAU"]
[Wed Sep 04 15:26:28.946860 2024] [:error] [pid 1668042] [client 45.135.232.70:53484] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "ZthgBGI5LdyeeUHh3JqzzgAAAAU"]
[Wed Sep 04 15:26:28.961284 2024] [:error] [pid 1668041] [client 45.135.232.70:53444] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSwAAAAQ"]
[Wed Sep 04 15:26:28.961999 2024] [:error] [pid 1668041] [client 45.135.232.70:53444] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSwAAAAQ"]
[Wed Sep 04 15:26:28.962482 2024] [:error] [pid 1668041] [client 45.135.232.70:53444] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "ZthgBNyptEyCxv2bjOmTSwAAAAQ"]
[Wed Sep 04 15:26:28.964428 2024] [:error] [pid 1668037] [client 45.135.232.70:53472] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypwAAAAA"]
[Wed Sep 04 15:26:28.964988 2024] [:error] [pid 1668037] [client 45.135.232.70:53472] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypwAAAAA"]
[Wed Sep 04 15:26:28.965251 2024] [:error] [pid 1669687] [client 45.135.232.70:53496] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVREAAAAAc"]
[Wed Sep 04 15:26:28.965388 2024] [:error] [pid 1668037] [client 45.135.232.70:53472] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "ZthgBAQw0y6bHlDZzc_ypwAAAAA"]
[Wed Sep 04 15:26:28.965542 2024] [:error] [pid 1669687] [client 45.135.232.70:53496] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVREAAAAAc"]
[Wed Sep 04 15:26:28.965762 2024] [:error] [pid 1669687] [client 45.135.232.70:53496] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "ZthgBLjC_0gXYx9o8kVREAAAAAc"]
[Wed Sep 04 15:26:28.979016 2024] [:error] [pid 1668039] [client 45.135.232.70:53518] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZwAAAAI"]
[Wed Sep 04 15:26:28.979502 2024] [:error] [pid 1668039] [client 45.135.232.70:53518] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZwAAAAI"]
[Wed Sep 04 15:26:28.979902 2024] [:error] [pid 1668039] [client 45.135.232.70:53518] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZthgBAns1omtyxaAJPy6ZwAAAAI"]
[Wed Sep 04 15:26:28.991352 2024] [:error] [pid 1668040] [client 45.135.232.70:53504] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMwAAAAM"]
[Wed Sep 04 15:26:28.991668 2024] [:error] [pid 1668040] [client 45.135.232.70:53504] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMwAAAAM"]
[Wed Sep 04 15:26:28.991900 2024] [:error] [pid 1668040] [client 45.135.232.70:53504] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "ZthgBFJ05zQv9GkBJzvFMwAAAAM"]
[Wed Sep 04 15:26:29.004547 2024] [:error] [pid 1669081] [client 45.135.232.70:53532] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JgAAAAY"]
[Wed Sep 04 15:26:29.004844 2024] [:error] [pid 1669081] [client 45.135.232.70:53532] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JgAAAAY"]
[Wed Sep 04 15:26:29.005061 2024] [:error] [pid 1669081] [client 45.135.232.70:53532] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JgAAAAY"]
[Wed Sep 04 15:26:29.010057 2024] [:error] [pid 1668038] [client 45.135.232.70:53536] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvAAAAAE"]
[Wed Sep 04 15:26:29.011976 2024] [:error] [pid 1668038] [client 45.135.232.70:53536] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvAAAAAE"]
[Wed Sep 04 15:26:29.012397 2024] [:error] [pid 1668038] [client 45.135.232.70:53536] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvAAAAAE"]
[Wed Sep 04 15:26:29.049444 2024] [:error] [pid 1668042] [client 45.135.232.70:53538] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3JqzzwAAAAU"]
[Wed Sep 04 15:26:29.049825 2024] [:error] [pid 1668042] [client 45.135.232.70:53538] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3JqzzwAAAAU"]
[Wed Sep 04 15:26:29.050102 2024] [:error] [pid 1668042] [client 45.135.232.70:53538] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3JqzzwAAAAU"]
[Wed Sep 04 15:26:29.063534 2024] [:error] [pid 1669687] [client 45.135.232.70:53576] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREQAAAAc"]
[Wed Sep 04 15:26:29.063914 2024] [:error] [pid 1669687] [client 45.135.232.70:53576] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREQAAAAc"]
[Wed Sep 04 15:26:29.064204 2024] [:error] [pid 1669687] [client 45.135.232.70:53576] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREQAAAAc"]
[Wed Sep 04 15:26:29.071457 2024] [:error] [pid 1668041] [client 45.135.232.70:53556] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTAAAAAQ"]
[Wed Sep 04 15:26:29.071731 2024] [:error] [pid 1668041] [client 45.135.232.70:53556] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTAAAAAQ"]
[Wed Sep 04 15:26:29.071940 2024] [:error] [pid 1668041] [client 45.135.232.70:53556] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTAAAAAQ"]
[Wed Sep 04 15:26:29.079079 2024] [:error] [pid 1668037] [client 45.135.232.70:53580] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqAAAAAA"]
[Wed Sep 04 15:26:29.079438 2024] [:error] [pid 1668037] [client 45.135.232.70:53580] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqAAAAAA"]
[Wed Sep 04 15:26:29.079682 2024] [:error] [pid 1668037] [client 45.135.232.70:53580] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqAAAAAA"]
[Wed Sep 04 15:26:29.083655 2024] [:error] [pid 1679851] [client 45.135.232.70:53544] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14QAAAAg"]
[Wed Sep 04 15:26:29.084031 2024] [:error] [pid 1679851] [client 45.135.232.70:53544] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14QAAAAg"]
[Wed Sep 04 15:26:29.084312 2024] [:error] [pid 1679851] [client 45.135.232.70:53544] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14QAAAAg"]
[Wed Sep 04 15:26:29.088424 2024] [:error] [pid 1668039] [client 45.135.232.70:53590] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aAAAAAI"]
[Wed Sep 04 15:26:29.088954 2024] [:error] [pid 1668039] [client 45.135.232.70:53590] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aAAAAAI"]
[Wed Sep 04 15:26:29.089400 2024] [:error] [pid 1668039] [client 45.135.232.70:53590] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aAAAAAI"]
[Wed Sep 04 15:26:29.105486 2024] [:error] [pid 1668040] [client 45.135.232.70:53562] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNAAAAAM"]
[Wed Sep 04 15:26:29.105974 2024] [:error] [pid 1668040] [client 45.135.232.70:53562] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNAAAAAM"]
[Wed Sep 04 15:26:29.106349 2024] [:error] [pid 1668040] [client 45.135.232.70:53562] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNAAAAAM"]
[Wed Sep 04 15:26:29.116983 2024] [:error] [pid 1668038] [client 45.135.232.70:53604] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvQAAAAE"]
[Wed Sep 04 15:26:29.117586 2024] [:error] [pid 1668038] [client 45.135.232.70:53604] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvQAAAAE"]
[Wed Sep 04 15:26:29.117684 2024] [:error] [pid 1669081] [client 45.135.232.70:53596] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JwAAAAY"]
[Wed Sep 04 15:26:29.118013 2024] [:error] [pid 1668038] [client 45.135.232.70:53604] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvQAAAAE"]
[Wed Sep 04 15:26:29.118295 2024] [:error] [pid 1669081] [client 45.135.232.70:53596] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JwAAAAY"]
[Wed Sep 04 15:26:29.118707 2024] [:error] [pid 1669081] [client 45.135.232.70:53596] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-JwAAAAY"]
[Wed Sep 04 15:26:29.378804 2024] [:error] [pid 1668041] [client 45.135.232.70:53758] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTQAAAAQ"]
[Wed Sep 04 15:26:29.379171 2024] [:error] [pid 1668041] [client 45.135.232.70:53758] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTQAAAAQ"]
[Wed Sep 04 15:26:29.379407 2024] [:error] [pid 1668041] [client 45.135.232.70:53758] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTQAAAAQ"]
[Wed Sep 04 15:26:29.380039 2024] [:error] [pid 1668037] [client 45.135.232.70:53670] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqQAAAAA"]
[Wed Sep 04 15:26:29.380443 2024] [:error] [pid 1668037] [client 45.135.232.70:53670] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqQAAAAA"]
[Wed Sep 04 15:26:29.380702 2024] [:error] [pid 1668037] [client 45.135.232.70:53670] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqQAAAAA"]
[Wed Sep 04 15:26:29.381263 2024] [:error] [pid 1668042] [client 45.135.232.70:53606] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0AAAAAU"]
[Wed Sep 04 15:26:29.381582 2024] [:error] [pid 1668042] [client 45.135.232.70:53606] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0AAAAAU"]
[Wed Sep 04 15:26:29.381725 2024] [:error] [pid 1669687] [client 45.135.232.70:53652] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREgAAAAc"]
[Wed Sep 04 15:26:29.381764 2024] [:error] [pid 1668042] [client 45.135.232.70:53606] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0AAAAAU"]
[Wed Sep 04 15:26:29.382082 2024] [:error] [pid 1669687] [client 45.135.232.70:53652] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREgAAAAc"]
[Wed Sep 04 15:26:29.382387 2024] [:error] [pid 1669687] [client 45.135.232.70:53652] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREgAAAAc"]
[Wed Sep 04 15:26:29.383853 2024] [:error] [pid 1668040] [client 45.135.232.70:53638] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNQAAAAM"]
[Wed Sep 04 15:26:29.384114 2024] [:error] [pid 1668040] [client 45.135.232.70:53638] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNQAAAAM"]
[Wed Sep 04 15:26:29.384308 2024] [:error] [pid 1668040] [client 45.135.232.70:53638] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNQAAAAM"]
[Wed Sep 04 15:26:29.385805 2024] [:error] [pid 1668038] [client 45.135.232.70:53694] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvgAAAAE"]
[Wed Sep 04 15:26:29.386087 2024] [:error] [pid 1668039] [client 45.135.232.70:53762] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aQAAAAI"]
[Wed Sep 04 15:26:29.386102 2024] [:error] [pid 1668038] [client 45.135.232.70:53694] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvgAAAAE"]
[Wed Sep 04 15:26:29.386390 2024] [:error] [pid 1668038] [client 45.135.232.70:53694] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvgAAAAE"]
[Wed Sep 04 15:26:29.386399 2024] [:error] [pid 1668039] [client 45.135.232.70:53762] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aQAAAAI"]
[Wed Sep 04 15:26:29.386599 2024] [:error] [pid 1668039] [client 45.135.232.70:53762] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6aQAAAAI"]
[Wed Sep 04 15:26:29.388356 2024] [:error] [pid 1679851] [client 45.135.232.70:53624] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14gAAAAg"]
[Wed Sep 04 15:26:29.388628 2024] [:error] [pid 1679851] [client 45.135.232.70:53624] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14gAAAAg"]
[Wed Sep 04 15:26:29.388680 2024] [:error] [pid 1669081] [client 45.135.232.70:53664] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KAAAAAY"]
[Wed Sep 04 15:26:29.388823 2024] [:error] [pid 1679851] [client 45.135.232.70:53624] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14gAAAAg"]
[Wed Sep 04 15:26:29.389000 2024] [:error] [pid 1669081] [client 45.135.232.70:53664] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KAAAAAY"]
[Wed Sep 04 15:26:29.389262 2024] [:error] [pid 1669081] [client 45.135.232.70:53664] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KAAAAAY"]
[Wed Sep 04 15:26:29.476364 2024] [:error] [pid 1668041] [client 45.135.232.70:53634] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTgAAAAQ"]
[Wed Sep 04 15:26:29.477033 2024] [:error] [pid 1668041] [client 45.135.232.70:53634] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTgAAAAQ"]
[Wed Sep 04 15:26:29.477713 2024] [:error] [pid 1668041] [client 45.135.232.70:53634] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTgAAAAQ"]
[Wed Sep 04 15:26:29.478147 2024] [:error] [pid 1668037] [client 45.135.232.70:53612] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqgAAAAA"]
[Wed Sep 04 15:26:29.478771 2024] [:error] [pid 1668037] [client 45.135.232.70:53612] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqgAAAAA"]
[Wed Sep 04 15:26:29.479255 2024] [:error] [pid 1668037] [client 45.135.232.70:53612] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "ZthgBQQw0y6bHlDZzc_yqgAAAAA"]
[Wed Sep 04 15:26:29.481225 2024] [:error] [pid 1668042] [client 45.135.232.70:53672] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0QAAAAU"]
[Wed Sep 04 15:26:29.481536 2024] [:error] [pid 1669687] [client 45.135.232.70:53708] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREwAAAAc"]
[Wed Sep 04 15:26:29.481543 2024] [:error] [pid 1668042] [client 45.135.232.70:53672] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0QAAAAU"]
[Wed Sep 04 15:26:29.481804 2024] [:error] [pid 1668042] [client 45.135.232.70:53672] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config"] [unique_id "ZthgBWI5LdyeeUHh3Jqz0QAAAAU"]
[Wed Sep 04 15:26:29.481949 2024] [:error] [pid 1669687] [client 45.135.232.70:53708] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREwAAAAc"]
[Wed Sep 04 15:26:29.482287 2024] [:error] [pid 1669687] [client 45.135.232.70:53708] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "ZthgBbjC_0gXYx9o8kVREwAAAAc"]
[Wed Sep 04 15:26:29.492667 2024] [:error] [pid 1668040] [client 45.135.232.70:53718] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNgAAAAM"]
[Wed Sep 04 15:26:29.493008 2024] [:error] [pid 1668040] [client 45.135.232.70:53718] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNgAAAAM"]
[Wed Sep 04 15:26:29.493237 2024] [:error] [pid 1668040] [client 45.135.232.70:53718] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "ZthgBVJ05zQv9GkBJzvFNgAAAAM"]
[Wed Sep 04 15:26:29.493932 2024] [:error] [pid 1668039] [client 45.135.232.70:53768] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6agAAAAI"]
[Wed Sep 04 15:26:29.494204 2024] [:error] [pid 1668038] [client 45.135.232.70:53772] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvwAAAAE"]
[Wed Sep 04 15:26:29.494372 2024] [:error] [pid 1668039] [client 45.135.232.70:53768] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6agAAAAI"]
[Wed Sep 04 15:26:29.494756 2024] [:error] [pid 1668039] [client 45.135.232.70:53768] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "ZthgBQns1omtyxaAJPy6agAAAAI"]
[Wed Sep 04 15:26:29.495892 2024] [:error] [pid 1668038] [client 45.135.232.70:53772] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvwAAAAE"]
[Wed Sep 04 15:26:29.496139 2024] [:error] [pid 1679851] [client 45.135.232.70:53678] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14wAAAAg"]
[Wed Sep 04 15:26:29.496187 2024] [:error] [pid 1668038] [client 45.135.232.70:53772] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "ZthgBT3fPta-nmxGgwCrvwAAAAE"]
[Wed Sep 04 15:26:29.496435 2024] [:error] [pid 1679851] [client 45.135.232.70:53678] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14wAAAAg"]
[Wed Sep 04 15:26:29.496698 2024] [:error] [pid 1679851] [client 45.135.232.70:53678] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "ZthgBSJNf6qDpcOZEHa14wAAAAg"]
[Wed Sep 04 15:26:29.501450 2024] [:error] [pid 1669081] [client 45.135.232.70:53728] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KQAAAAY"]
[Wed Sep 04 15:26:29.501661 2024] [:error] [pid 1669081] [client 45.135.232.70:53728] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KQAAAAY"]
[Wed Sep 04 15:26:29.501843 2024] [:error] [pid 1669081] [client 45.135.232.70:53728] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "ZthgBRgJ4MEPOnpEXQ6-KQAAAAY"]
[Wed Sep 04 15:26:29.588254 2024] [:error] [pid 1668041] [client 45.135.232.70:53742] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTwAAAAQ"]
[Wed Sep 04 15:26:29.588942 2024] [:error] [pid 1668041] [client 45.135.232.70:53742] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTwAAAAQ"]
[Wed Sep 04 15:26:29.589396 2024] [:error] [pid 1668041] [client 45.135.232.70:53742] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "ZthgBdyptEyCxv2bjOmTTwAAAAQ"]
[Fri Sep 06 07:04:12.547097 2024] [:error] [pid 1713981] [client 179.43.188.122:55230] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtqNTN5-kPkg6nbYKE_JPgAAAAM"]
[Fri Sep 06 07:04:12.548958 2024] [:error] [pid 1713981] [client 179.43.188.122:55230] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtqNTN5-kPkg6nbYKE_JPgAAAAM"]
[Fri Sep 06 07:04:12.549431 2024] [:error] [pid 1713981] [client 179.43.188.122:55230] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtqNTN5-kPkg6nbYKE_JPgAAAAM"]
[Sat Sep 07 15:34:39.102544 2024] [:error] [pid 1737453] [client 91.92.240.240:65166] [client 91.92.240.240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxWbz6N5KKzkiVyVwcg-AAAAAU"]
[Sat Sep 07 15:34:39.103471 2024] [:error] [pid 1737453] [client 91.92.240.240:65166] [client 91.92.240.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxWbz6N5KKzkiVyVwcg-AAAAAU"]
[Sat Sep 07 15:34:39.103959 2024] [:error] [pid 1737453] [client 91.92.240.240:65166] [client 91.92.240.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxWbz6N5KKzkiVyVwcg-AAAAAU"]
[Sat Sep 07 15:45:28.330193 2024] [:error] [pid 1749005] [client 91.92.240.240:65094] [client 91.92.240.240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxY-FcGETrzybJsNq4zNAAAAA0"]
[Sat Sep 07 15:45:28.330961 2024] [:error] [pid 1749005] [client 91.92.240.240:65094] [client 91.92.240.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxY-FcGETrzybJsNq4zNAAAAA0"]
[Sat Sep 07 15:45:28.331446 2024] [:error] [pid 1749005] [client 91.92.240.240:65094] [client 91.92.240.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZtxY-FcGETrzybJsNq4zNAAAAA0"]
[Sat Sep 07 18:11:02.318548 2024] [:error] [pid 1737449] [client 91.92.240.240:52020] [client 91.92.240.240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Ztx7FvgLrg-HkgeFnNMDRAAAAAE"]
[Sat Sep 07 18:11:02.319418 2024] [:error] [pid 1737449] [client 91.92.240.240:52020] [client 91.92.240.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Ztx7FvgLrg-HkgeFnNMDRAAAAAE"]
[Sat Sep 07 18:11:02.319904 2024] [:error] [pid 1737449] [client 91.92.240.240:52020] [client 91.92.240.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Ztx7FvgLrg-HkgeFnNMDRAAAAAE"]
[Sun Sep 08 01:05:17.319838 2024] [:error] [pid 1756168] [client 45.148.10.206:51078] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtzcLapH1DSYEGnu7JpdqAAAAAk"]
[Sun Sep 08 01:05:17.320371 2024] [:error] [pid 1756168] [client 45.148.10.206:51078] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtzcLapH1DSYEGnu7JpdqAAAAAk"]
[Sun Sep 08 01:05:17.320621 2024] [:error] [pid 1756168] [client 45.148.10.206:51078] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZtzcLapH1DSYEGnu7JpdqAAAAAk"]
[Mon Sep 09 07:40:52.558773 2024] [:error] [pid 1781014] [client 91.92.240.240:61774] [client 91.92.240.240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zt6KZBc8P4Ezv-ilv50TNgAAAAM"]
[Mon Sep 09 07:40:52.559438 2024] [:error] [pid 1781014] [client 91.92.240.240:61774] [client 91.92.240.240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zt6KZBc8P4Ezv-ilv50TNgAAAAM"]
[Mon Sep 09 07:40:52.560032 2024] [:error] [pid 1781014] [client 91.92.240.240:61774] [client 91.92.240.240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zt6KZBc8P4Ezv-ilv50TNgAAAAM"]
[Tue Sep 10 04:50:13.771749 2024] [:error] [pid 1804504] [client 3.145.57.200:35816] [client 3.145.57.200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zt-z5eJccGGyrf6Be6BntwAAAAA"]
[Tue Sep 10 04:50:13.772676 2024] [:error] [pid 1804504] [client 3.145.57.200:35816] [client 3.145.57.200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zt-z5eJccGGyrf6Be6BntwAAAAA"]
[Tue Sep 10 04:50:13.773155 2024] [:error] [pid 1804504] [client 3.145.57.200:35816] [client 3.145.57.200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zt-z5eJccGGyrf6Be6BntwAAAAA"]
[Fri Sep 20 00:04:50.017973 2024] [autoindex:error] [pid 2051321] [client 45.135.232.70:57192] AH01276: Cannot serve directory /var/www/pms.test.indaco.store/www/assets/i18n/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm) found, and server-generated directory index forbidden by Options directive
[Tue Sep 24 23:16:31.108553 2024] [:error] [pid 2144596] [client 92.118.39.244:53908] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMsL5WCulQv8cTQ3sfUsgAAAAA"]
[Tue Sep 24 23:16:31.110306 2024] [:error] [pid 2144596] [client 92.118.39.244:53908] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMsL5WCulQv8cTQ3sfUsgAAAAA"]
[Tue Sep 24 23:16:31.110909 2024] [:error] [pid 2144596] [client 92.118.39.244:53908] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvMsL5WCulQv8cTQ3sfUsgAAAAA"]
[Sat Sep 28 21:30:37.557266 2024] [:error] [pid 2249654] [client 45.148.10.59:49038] [client 45.148.10.59] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvhZXfuFShfxCpgLyHNDBQAAAAc"]
[Sat Sep 28 21:30:37.560194 2024] [:error] [pid 2249654] [client 45.148.10.59:49038] [client 45.148.10.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvhZXfuFShfxCpgLyHNDBQAAAAc"]
[Sat Sep 28 21:30:37.560577 2024] [:error] [pid 2249654] [client 45.148.10.59:49038] [client 45.148.10.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZvhZXfuFShfxCpgLyHNDBQAAAAc"]
[Sat Sep 28 21:30:42.641867 2024] [:error] [pid 2249650] [client 45.148.10.59:49050] [client 45.148.10.59] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvhZYldkwfLt0HQzodbnhQAAAAU"]
[Sat Sep 28 21:30:42.642569 2024] [:error] [pid 2249650] [client 45.148.10.59:49050] [client 45.148.10.59] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvhZYldkwfLt0HQzodbnhQAAAAU"]
[Sat Sep 28 21:30:42.643320 2024] [:error] [pid 2249650] [client 45.148.10.59:49050] [client 45.148.10.59] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZvhZYldkwfLt0HQzodbnhQAAAAU"]
[Thu Oct 10 13:04:04.287928 2024] [:error] [pid 2508914] [client 92.118.39.244:42726] [client 92.118.39.244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zwe0pLnkq5XML8Nv5rdMxgAAAA8"]
[Thu Oct 10 13:04:04.290873 2024] [:error] [pid 2508914] [client 92.118.39.244:42726] [client 92.118.39.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zwe0pLnkq5XML8Nv5rdMxgAAAA8"]
[Thu Oct 10 13:04:04.291384 2024] [:error] [pid 2508914] [client 92.118.39.244:42726] [client 92.118.39.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zwe0pLnkq5XML8Nv5rdMxgAAAA8"]
[Tue Oct 22 07:50:22.439378 2024] [:error] [pid 2779044] [client 179.43.189.138:43722] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zxc9Hlnio2wBcnkVGyMkggAAAAc"]
[Tue Oct 22 07:50:22.442029 2024] [:error] [pid 2779044] [client 179.43.189.138:43722] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zxc9Hlnio2wBcnkVGyMkggAAAAc"]
[Tue Oct 22 07:50:22.442761 2024] [:error] [pid 2779044] [client 179.43.189.138:43722] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zxc9Hlnio2wBcnkVGyMkggAAAAc"]
[Sat Oct 26 05:36:16.018224 2024] [:error] [pid 2872368] [client 179.43.189.138:55510] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1oQAAAAE"]
[Sat Oct 26 05:36:16.020611 2024] [:error] [pid 2872368] [client 179.43.189.138:55510] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1oQAAAAE"]
[Sat Oct 26 05:36:16.021121 2024] [:error] [pid 2872368] [client 179.43.189.138:55510] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1oQAAAAE"]
[Sat Oct 26 05:36:16.034295 2024] [:error] [pid 2872436] [client 179.43.189.138:55524] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfgAAAAY"]
[Sat Oct 26 05:36:16.034897 2024] [:error] [pid 2872436] [client 179.43.189.138:55524] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfgAAAAY"]
[Sat Oct 26 05:36:16.035330 2024] [:error] [pid 2872436] [client 179.43.189.138:55524] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfgAAAAY"]
[Sat Oct 26 05:36:16.038289 2024] [:error] [pid 2872371] [client 179.43.189.138:55540] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PqwAAAAQ"]
[Sat Oct 26 05:36:16.038760 2024] [:error] [pid 2872371] [client 179.43.189.138:55540] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PqwAAAAQ"]
[Sat Oct 26 05:36:16.043714 2024] [:error] [pid 2872371] [client 179.43.189.138:55540] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PqwAAAAQ"]
[Sat Oct 26 05:36:16.058797 2024] [:error] [pid 2872369] [client 179.43.189.138:55578] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgQAAAAI"]
[Sat Oct 26 05:36:16.059009 2024] [:error] [pid 2872369] [client 179.43.189.138:55578] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgQAAAAI"]
[Sat Oct 26 05:36:16.059773 2024] [:error] [pid 2872367] [client 179.43.189.138:55562] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoAAAAAA"]
[Sat Oct 26 05:36:16.060331 2024] [:error] [pid 2872436] [client 179.43.189.138:55592] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfwAAAAY"]
[Sat Oct 26 05:36:16.060368 2024] [:error] [pid 2872367] [client 179.43.189.138:55562] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoAAAAAA"]
[Sat Oct 26 05:36:16.060549 2024] [:error] [pid 2872436] [client 179.43.189.138:55592] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfwAAAAY"]
[Sat Oct 26 05:36:16.060723 2024] [:error] [pid 2872436] [client 179.43.189.138:55592] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqfwAAAAY"]
[Sat Oct 26 05:36:16.060748 2024] [:error] [pid 2872367] [client 179.43.189.138:55562] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoAAAAAA"]
[Sat Oct 26 05:36:16.062290 2024] [:error] [pid 2872371] [client 179.43.189.138:55604] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /scripts/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrAAAAAQ"]
[Sat Oct 26 05:36:16.062473 2024] [:error] [pid 2872371] [client 179.43.189.138:55604] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrAAAAAQ"]
[Sat Oct 26 05:36:16.062643 2024] [:error] [pid 2872371] [client 179.43.189.138:55604] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrAAAAAQ"]
[Sat Oct 26 05:36:16.062708 2024] [:error] [pid 2872370] [client 179.43.189.138:55570] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrgAAAAM"]
[Sat Oct 26 05:36:16.062782 2024] [:error] [pid 2872369] [client 179.43.189.138:55578] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgQAAAAI"]
[Sat Oct 26 05:36:16.062992 2024] [:error] [pid 2872370] [client 179.43.189.138:55570] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrgAAAAM"]
[Sat Oct 26 05:36:16.063238 2024] [:error] [pid 2872370] [client 179.43.189.138:55570] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrgAAAAM"]
[Sat Oct 26 05:36:16.063464 2024] [:error] [pid 2872392] [client 179.43.189.138:55554] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCAAAAAU"]
[Sat Oct 26 05:36:16.063647 2024] [:error] [pid 2872392] [client 179.43.189.138:55554] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCAAAAAU"]
[Sat Oct 26 05:36:16.063819 2024] [:error] [pid 2872392] [client 179.43.189.138:55554] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCAAAAAU"]
[Sat Oct 26 05:36:16.066206 2024] [:error] [pid 2872368] [client 179.43.189.138:55580] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1ogAAAAE"]
[Sat Oct 26 05:36:16.066561 2024] [:error] [pid 2872368] [client 179.43.189.138:55580] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1ogAAAAE"]
[Sat Oct 26 05:36:16.066818 2024] [:error] [pid 2872368] [client 179.43.189.138:55580] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1ogAAAAE"]
[Sat Oct 26 05:36:16.080869 2024] [:error] [pid 2872369] [client 179.43.189.138:55608] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /js/libs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQggAAAAI"]
[Sat Oct 26 05:36:16.081054 2024] [:error] [pid 2872369] [client 179.43.189.138:55608] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQggAAAAI"]
[Sat Oct 26 05:36:16.081234 2024] [:error] [pid 2872369] [client 179.43.189.138:55608] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQggAAAAI"]
[Sat Oct 26 05:36:16.084164 2024] [:error] [pid 2872436] [client 179.43.189.138:55630] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgAAAAAY"]
[Sat Oct 26 05:36:16.084340 2024] [:error] [pid 2872436] [client 179.43.189.138:55630] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgAAAAAY"]
[Sat Oct 26 05:36:16.085629 2024] [:error] [pid 2872370] [client 179.43.189.138:55640] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrwAAAAM"]
[Sat Oct 26 05:36:16.085691 2024] [:error] [pid 2872392] [client 179.43.189.138:55650] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCQAAAAU"]
[Sat Oct 26 05:36:16.085885 2024] [:error] [pid 2872392] [client 179.43.189.138:55650] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCQAAAAU"]
[Sat Oct 26 05:36:16.085908 2024] [:error] [pid 2872370] [client 179.43.189.138:55640] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrwAAAAM"]
[Sat Oct 26 05:36:16.086051 2024] [:error] [pid 2872392] [client 179.43.189.138:55650] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCQAAAAU"]
[Sat Oct 26 05:36:16.086137 2024] [:error] [pid 2872370] [client 179.43.189.138:55640] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mrwAAAAM"]
[Sat Oct 26 05:36:16.087719 2024] [:error] [pid 2872367] [client 179.43.189.138:55620] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /source/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoQAAAAA"]
[Sat Oct 26 05:36:16.087741 2024] [:error] [pid 2872371] [client 179.43.189.138:55638] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrQAAAAQ"]
[Sat Oct 26 05:36:16.087922 2024] [:error] [pid 2872371] [client 179.43.189.138:55638] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrQAAAAQ"]
[Sat Oct 26 05:36:16.087960 2024] [:error] [pid 2872367] [client 179.43.189.138:55620] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoQAAAAA"]
[Sat Oct 26 05:36:16.088083 2024] [:error] [pid 2872371] [client 179.43.189.138:55638] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrQAAAAQ"]
[Sat Oct 26 05:36:16.088227 2024] [:error] [pid 2872436] [client 179.43.189.138:55630] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgAAAAAY"]
[Sat Oct 26 05:36:16.088254 2024] [:error] [pid 2872367] [client 179.43.189.138:55620] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjoQAAAAA"]
[Sat Oct 26 05:36:16.090312 2024] [:error] [pid 2872368] [client 179.43.189.138:55664] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /panel/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1owAAAAE"]
[Sat Oct 26 05:36:16.090641 2024] [:error] [pid 2872368] [client 179.43.189.138:55664] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1owAAAAE"]
[Sat Oct 26 05:36:16.090851 2024] [:error] [pid 2872368] [client 179.43.189.138:55664] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1owAAAAE"]
[Sat Oct 26 05:36:16.102721 2024] [:error] [pid 2872369] [client 179.43.189.138:55670] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgwAAAAI"]
[Sat Oct 26 05:36:16.102910 2024] [:error] [pid 2872369] [client 179.43.189.138:55670] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgwAAAAI"]
[Sat Oct 26 05:36:16.103104 2024] [:error] [pid 2872369] [client 179.43.189.138:55670] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQgwAAAAI"]
[Sat Oct 26 05:36:16.107623 2024] [:error] [pid 2872392] [client 179.43.189.138:55694] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /templates/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCgAAAAU"]
[Sat Oct 26 05:36:16.107827 2024] [:error] [pid 2872392] [client 179.43.189.138:55694] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCgAAAAU"]
[Sat Oct 26 05:36:16.107988 2024] [:error] [pid 2872392] [client 179.43.189.138:55694] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCgAAAAU"]
[Sat Oct 26 05:36:16.109525 2024] [:error] [pid 2872370] [client 179.43.189.138:55706] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /views/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msAAAAAM"]
[Sat Oct 26 05:36:16.109710 2024] [:error] [pid 2872370] [client 179.43.189.138:55706] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msAAAAAM"]
[Sat Oct 26 05:36:16.109870 2024] [:error] [pid 2872370] [client 179.43.189.138:55706] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msAAAAAM"]
[Sat Oct 26 05:36:16.110277 2024] [:error] [pid 2872367] [client 179.43.189.138:55716] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /layout/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjogAAAAA"]
[Sat Oct 26 05:36:16.110614 2024] [:error] [pid 2872367] [client 179.43.189.138:55716] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjogAAAAA"]
[Sat Oct 26 05:36:16.110830 2024] [:error] [pid 2872367] [client 179.43.189.138:55716] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjogAAAAA"]
[Sat Oct 26 05:36:16.111373 2024] [:error] [pid 2872371] [client 179.43.189.138:55730] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /media/uploads/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/media/uploads/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrgAAAAQ"]
[Sat Oct 26 05:36:16.111571 2024] [:error] [pid 2872371] [client 179.43.189.138:55730] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/media/uploads/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrgAAAAQ"]
[Sat Oct 26 05:36:16.111757 2024] [:error] [pid 2872371] [client 179.43.189.138:55730] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/media/uploads/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrgAAAAQ"]
[Sat Oct 26 05:36:16.112216 2024] [:error] [pid 2872436] [client 179.43.189.138:55678] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /template/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgQAAAAY"]
[Sat Oct 26 05:36:16.112443 2024] [:error] [pid 2872436] [client 179.43.189.138:55678] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgQAAAAY"]
[Sat Oct 26 05:36:16.112596 2024] [:error] [pid 2872436] [client 179.43.189.138:55678] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgQAAAAY"]
[Sat Oct 26 05:36:16.112608 2024] [:error] [pid 2872368] [client 179.43.189.138:55736] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /files/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pAAAAAE"]
[Sat Oct 26 05:36:16.112855 2024] [:error] [pid 2872368] [client 179.43.189.138:55736] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pAAAAAE"]
[Sat Oct 26 05:36:16.113043 2024] [:error] [pid 2872368] [client 179.43.189.138:55736] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pAAAAAE"]
[Sat Oct 26 05:36:16.125446 2024] [:error] [pid 2872369] [client 179.43.189.138:55740] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /resources/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhAAAAAI"]
[Sat Oct 26 05:36:16.125635 2024] [:error] [pid 2872369] [client 179.43.189.138:55740] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhAAAAAI"]
[Sat Oct 26 05:36:16.125823 2024] [:error] [pid 2872369] [client 179.43.189.138:55740] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhAAAAAI"]
[Sat Oct 26 05:36:16.129789 2024] [:error] [pid 2872392] [client 179.43.189.138:55746] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCwAAAAU"]
[Sat Oct 26 05:36:16.130024 2024] [:error] [pid 2872392] [client 179.43.189.138:55746] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCwAAAAU"]
[Sat Oct 26 05:36:16.130204 2024] [:error] [pid 2872392] [client 179.43.189.138:55746] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUCwAAAAU"]
[Sat Oct 26 05:36:16.131798 2024] [:error] [pid 2872370] [client 179.43.189.138:55758] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msQAAAAM"]
[Sat Oct 26 05:36:16.132038 2024] [:error] [pid 2872370] [client 179.43.189.138:55758] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msQAAAAM"]
[Sat Oct 26 05:36:16.132243 2024] [:error] [pid 2872370] [client 179.43.189.138:55758] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msQAAAAM"]
[Sat Oct 26 05:36:16.132399 2024] [:error] [pid 2872367] [client 179.43.189.138:55772] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /extensions/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjowAAAAA"]
[Sat Oct 26 05:36:16.132581 2024] [:error] [pid 2872367] [client 179.43.189.138:55772] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjowAAAAA"]
[Sat Oct 26 05:36:16.132779 2024] [:error] [pid 2872367] [client 179.43.189.138:55772] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjowAAAAA"]
[Sat Oct 26 05:36:16.133861 2024] [:error] [pid 2872371] [client 179.43.189.138:55788] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /drupal/sites/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrwAAAAQ"]
[Sat Oct 26 05:36:16.134053 2024] [:error] [pid 2872371] [client 179.43.189.138:55788] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrwAAAAQ"]
[Sat Oct 26 05:36:16.134275 2024] [:error] [pid 2872371] [client 179.43.189.138:55788] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PrwAAAAQ"]
[Sat Oct 26 05:36:16.135206 2024] [:error] [pid 2872368] [client 179.43.189.138:55806] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /docs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pQAAAAE"]
[Sat Oct 26 05:36:16.135433 2024] [:error] [pid 2872368] [client 179.43.189.138:55806] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pQAAAAE"]
[Sat Oct 26 05:36:16.135621 2024] [:error] [pid 2872368] [client 179.43.189.138:55806] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pQAAAAE"]
[Sat Oct 26 05:36:16.135792 2024] [:error] [pid 2872436] [client 179.43.189.138:55798] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /prestashop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqggAAAAY"]
[Sat Oct 26 05:36:16.135980 2024] [:error] [pid 2872436] [client 179.43.189.138:55798] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqggAAAAY"]
[Sat Oct 26 05:36:16.136154 2024] [:error] [pid 2872436] [client 179.43.189.138:55798] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqggAAAAY"]
[Sat Oct 26 05:36:16.148245 2024] [:error] [pid 2872369] [client 179.43.189.138:55816] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /documentation/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhQAAAAI"]
[Sat Oct 26 05:36:16.148460 2024] [:error] [pid 2872369] [client 179.43.189.138:55816] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhQAAAAI"]
[Sat Oct 26 05:36:16.148636 2024] [:error] [pid 2872369] [client 179.43.189.138:55816] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhQAAAAI"]
[Sat Oct 26 05:36:16.151719 2024] [:error] [pid 2872392] [client 179.43.189.138:55818] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDAAAAAU"]
[Sat Oct 26 05:36:16.151876 2024] [:error] [pid 2872392] [client 179.43.189.138:55818] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDAAAAAU"]
[Sat Oct 26 05:36:16.152028 2024] [:error] [pid 2872392] [client 179.43.189.138:55818] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDAAAAAU"]
[Sat Oct 26 05:36:16.153690 2024] [:error] [pid 2872370] [client 179.43.189.138:55826] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msgAAAAM"]
[Sat Oct 26 05:36:16.153861 2024] [:error] [pid 2872370] [client 179.43.189.138:55826] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msgAAAAM"]
[Sat Oct 26 05:36:16.154018 2024] [:error] [pid 2872370] [client 179.43.189.138:55826] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9msgAAAAM"]
[Sat Oct 26 05:36:16.154487 2024] [:error] [pid 2872367] [client 179.43.189.138:55832] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /lib/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpAAAAAA"]
[Sat Oct 26 05:36:16.154724 2024] [:error] [pid 2872367] [client 179.43.189.138:55832] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpAAAAAA"]
[Sat Oct 26 05:36:16.154988 2024] [:error] [pid 2872367] [client 179.43.189.138:55832] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpAAAAAA"]
[Sat Oct 26 05:36:16.155936 2024] [:error] [pid 2872371] [client 179.43.189.138:55844] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /bower_components/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PsAAAAAQ"]
[Sat Oct 26 05:36:16.156139 2024] [:error] [pid 2872371] [client 179.43.189.138:55844] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PsAAAAAQ"]
[Sat Oct 26 05:36:16.156321 2024] [:error] [pid 2872371] [client 179.43.189.138:55844] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "ZxxjsHUmyp7FcJ9_lY_PsAAAAAQ"]
[Sat Oct 26 05:36:16.157332 2024] [:error] [pid 2872368] [client 179.43.189.138:55856] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pgAAAAE"]
[Sat Oct 26 05:36:16.157571 2024] [:error] [pid 2872368] [client 179.43.189.138:55856] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pgAAAAE"]
[Sat Oct 26 05:36:16.157790 2024] [:error] [pid 2872368] [client 179.43.189.138:55856] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "ZxxjsKAV0pSfcDVZE_T1pgAAAAE"]
[Sat Oct 26 05:36:16.157929 2024] [:error] [pid 2872436] [client 179.43.189.138:55866] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shared/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgwAAAAY"]
[Sat Oct 26 05:36:16.158132 2024] [:error] [pid 2872436] [client 179.43.189.138:55866] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgwAAAAY"]
[Sat Oct 26 05:36:16.158288 2024] [:error] [pid 2872436] [client 179.43.189.138:55866] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "ZxxjsL30Ur-kbj4TPouqgwAAAAY"]
[Sat Oct 26 05:36:16.170575 2024] [:error] [pid 2872369] [client 179.43.189.138:55868] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhgAAAAI"]
[Sat Oct 26 05:36:16.170758 2024] [:error] [pid 2872369] [client 179.43.189.138:55868] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhgAAAAI"]
[Sat Oct 26 05:36:16.170921 2024] [:error] [pid 2872369] [client 179.43.189.138:55868] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "ZxxjsFCfcrTqG_R_jGDQhgAAAAI"]
[Sat Oct 26 05:36:16.173745 2024] [:error] [pid 2872392] [client 179.43.189.138:55884] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dist/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDQAAAAU"]
[Sat Oct 26 05:36:16.173914 2024] [:error] [pid 2872392] [client 179.43.189.138:55884] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDQAAAAU"]
[Sat Oct 26 05:36:16.174082 2024] [:error] [pid 2872392] [client 179.43.189.138:55884] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "ZxxjsJSzFa2StgkYrldUDQAAAAU"]
[Sat Oct 26 05:36:16.176092 2024] [:error] [pid 2872370] [client 179.43.189.138:55880] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cache/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mswAAAAM"]
[Sat Oct 26 05:36:16.176311 2024] [:error] [pid 2872370] [client 179.43.189.138:55880] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mswAAAAM"]
[Sat Oct 26 05:36:16.176521 2024] [:error] [pid 2872370] [client 179.43.189.138:55880] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "ZxxjsBW79L51VgEUIp9mswAAAAM"]
[Sat Oct 26 05:36:16.176853 2024] [:error] [pid 2872367] [client 179.43.189.138:55892] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /env/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpQAAAAA"]
[Sat Oct 26 05:36:16.177042 2024] [:error] [pid 2872367] [client 179.43.189.138:55892] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpQAAAAA"]
[Sat Oct 26 05:36:16.177244 2024] [:error] [pid 2872367] [client 179.43.189.138:55892] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "ZxxjsMYALjnTr3ciuJbjpQAAAAA"]
[Wed Oct 30 21:02:20.856003 2024] [authz_core:error] [pid 2975096] [client 46.101.1.225:51072] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Wed Oct 30 21:02:21.154191 2024] [:error] [pid 2975098] [client 46.101.1.225:51092] [client 46.101.1.225] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZyKQzYpDoVO-fkMzfHDA7gAAAAs"]
[Wed Oct 30 21:02:21.154804 2024] [:error] [pid 2975098] [client 46.101.1.225:51092] [client 46.101.1.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZyKQzYpDoVO-fkMzfHDA7gAAAAs"]
[Wed Oct 30 21:02:21.155239 2024] [:error] [pid 2975098] [client 46.101.1.225:51092] [client 46.101.1.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "ZyKQzYpDoVO-fkMzfHDA7gAAAAs"]
[Wed Oct 30 21:02:21.257973 2024] [:error] [pid 2975124] [client 46.101.1.225:51104] [client 46.101.1.225] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKQzechDjGpzVAigBXCqQAAAAU"]
[Wed Oct 30 21:02:21.258637 2024] [:error] [pid 2975124] [client 46.101.1.225:51104] [client 46.101.1.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKQzechDjGpzVAigBXCqQAAAAU"]
[Wed Oct 30 21:02:21.259172 2024] [:error] [pid 2975124] [client 46.101.1.225:51104] [client 46.101.1.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKQzechDjGpzVAigBXCqQAAAAU"]
[Wed Oct 30 21:02:21.358190 2024] [:error] [pid 2975122] [client 46.101.1.225:51114] [client 46.101.1.225] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKQzV5ctFF4U-4U2NyRSQAAAAE"]
[Wed Oct 30 21:02:21.358672 2024] [:error] [pid 2975122] [client 46.101.1.225:51114] [client 46.101.1.225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKQzV5ctFF4U-4U2NyRSQAAAAE"]
[Wed Oct 30 21:02:21.359053 2024] [:error] [pid 2975122] [client 46.101.1.225:51114] [client 46.101.1.225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKQzV5ctFF4U-4U2NyRSQAAAAE"]
[Wed Oct 30 21:04:02.421258 2024] [:error] [pid 2975124] [client 142.93.12.230:40732] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "ZyKRMuchDjGpzVAigBXCqgAAAAU"]
[Wed Oct 30 21:04:02.421934 2024] [:error] [pid 2975124] [client 142.93.12.230:40732] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "ZyKRMuchDjGpzVAigBXCqgAAAAU"]
[Wed Oct 30 21:04:02.422457 2024] [:error] [pid 2975124] [client 142.93.12.230:40732] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "ZyKRMuchDjGpzVAigBXCqgAAAAU"]
[Wed Oct 30 21:04:02.423291 2024] [:error] [pid 2975123] [client 142.93.12.230:40806] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRMgbkhn-eHTdgQaS2SgAAAAI"]
[Wed Oct 30 21:04:02.423901 2024] [:error] [pid 2975123] [client 142.93.12.230:40806] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRMgbkhn-eHTdgQaS2SgAAAAI"]
[Wed Oct 30 21:04:02.424280 2024] [:error] [pid 2975123] [client 142.93.12.230:40806] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRMgbkhn-eHTdgQaS2SgAAAAI"]
[Wed Oct 30 21:04:02.424613 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8AAAAAs"]
[Wed Oct 30 21:04:02.425182 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8AAAAAs"]
[Wed Oct 30 21:04:02.425609 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8AAAAAs"]
[Wed Oct 30 21:04:02.429145 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OQAAAAg"]
[Wed Oct 30 21:04:02.429357 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OQAAAAg"]
[Wed Oct 30 21:04:02.429534 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OQAAAAg"]
[Wed Oct 30 21:04:02.535132 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZyKRMopDoVO-fkMzfHDA8QAAAAs"]
[Wed Oct 30 21:04:02.535685 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZyKRMopDoVO-fkMzfHDA8QAAAAs"]
[Wed Oct 30 21:04:02.536173 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZyKRMopDoVO-fkMzfHDA8QAAAAs"]
[Wed Oct 30 21:04:02.539517 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OgAAAAg"]
[Wed Oct 30 21:04:02.540021 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OgAAAAg"]
[Wed Oct 30 21:04:02.540302 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OgAAAAg"]
[Wed Oct 30 21:04:02.630694 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZyKRMopDoVO-fkMzfHDA8gAAAAs"]
[Wed Oct 30 21:04:02.630862 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZyKRMopDoVO-fkMzfHDA8gAAAAs"]
[Wed Oct 30 21:04:02.631106 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZyKRMopDoVO-fkMzfHDA8gAAAAs"]
[Wed Oct 30 21:04:02.631300 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "ZyKRMopDoVO-fkMzfHDA8gAAAAs"]
[Wed Oct 30 21:04:02.631663 2024] [:error] [pid 2975122] [client 142.93.12.230:40708] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMl5ctFF4U-4U2NyRTAAAAAE"]
[Wed Oct 30 21:04:02.632210 2024] [:error] [pid 2975122] [client 142.93.12.230:40708] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMl5ctFF4U-4U2NyRTAAAAAE"]
[Wed Oct 30 21:04:02.632518 2024] [:error] [pid 2975122] [client 142.93.12.230:40708] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKRMl5ctFF4U-4U2NyRTAAAAAE"]
[Wed Oct 30 21:04:02.634280 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OwAAAAg"]
[Wed Oct 30 21:04:02.634476 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OwAAAAg"]
[Wed Oct 30 21:04:02.634630 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "ZyKRMtGTI0UdeL8AmPV7OwAAAAg"]
[Wed Oct 30 21:04:02.727724 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8wAAAAs"]
[Wed Oct 30 21:04:02.728486 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8wAAAAs"]
[Wed Oct 30 21:04:02.728960 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA8wAAAAs"]
[Wed Oct 30 21:04:02.731929 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PAAAAAg"]
[Wed Oct 30 21:04:02.732286 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PAAAAAg"]
[Wed Oct 30 21:04:02.732600 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PAAAAAg"]
[Wed Oct 30 21:04:02.825392 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9AAAAAs"]
[Wed Oct 30 21:04:02.825996 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9AAAAAs"]
[Wed Oct 30 21:04:02.826505 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9AAAAAs"]
[Wed Oct 30 21:04:02.829639 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PQAAAAg"]
[Wed Oct 30 21:04:02.830145 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PQAAAAg"]
[Wed Oct 30 21:04:02.830572 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PQAAAAg"]
[Wed Oct 30 21:04:02.922935 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9QAAAAs"]
[Wed Oct 30 21:04:02.923512 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9QAAAAs"]
[Wed Oct 30 21:04:02.923997 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "ZyKRMopDoVO-fkMzfHDA9QAAAAs"]
[Wed Oct 30 21:04:02.926399 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PgAAAAg"]
[Wed Oct 30 21:04:02.927922 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PgAAAAg"]
[Wed Oct 30 21:04:02.928358 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "ZyKRMtGTI0UdeL8AmPV7PgAAAAg"]
[Wed Oct 30 21:04:03.022125 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9gAAAAs"]
[Wed Oct 30 21:04:03.022686 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9gAAAAs"]
[Wed Oct 30 21:04:03.023150 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9gAAAAs"]
[Wed Oct 30 21:04:03.025767 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZyKRM9GTI0UdeL8AmPV7PwAAAAg"]
[Wed Oct 30 21:04:03.026056 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZyKRM9GTI0UdeL8AmPV7PwAAAAg"]
[Wed Oct 30 21:04:03.026302 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "ZyKRM9GTI0UdeL8AmPV7PwAAAAg"]
[Wed Oct 30 21:04:03.119171 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9wAAAAs"]
[Wed Oct 30 21:04:03.121779 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QAAAAAg"]
[Wed Oct 30 21:04:03.122347 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QAAAAAg"]
[Wed Oct 30 21:04:03.122404 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9wAAAAs"]
[Wed Oct 30 21:04:03.122767 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QAAAAAg"]
[Wed Oct 30 21:04:03.122967 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9wAAAAs"]
[Wed Oct 30 21:04:03.123448 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "ZyKRM4pDoVO-fkMzfHDA9wAAAAs"]
[Wed Oct 30 21:04:03.224684 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-AAAAAs"]
[Wed Oct 30 21:04:03.225201 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-AAAAAs"]
[Wed Oct 30 21:04:03.225781 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-AAAAAs"]
[Wed Oct 30 21:04:03.226276 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-AAAAAs"]
[Wed Oct 30 21:04:03.226575 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QQAAAAg"]
[Wed Oct 30 21:04:03.227110 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QQAAAAg"]
[Wed Oct 30 21:04:03.227548 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QQAAAAg"]
[Wed Oct 30 21:04:03.322976 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-QAAAAs"]
[Wed Oct 30 21:04:03.323132 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QgAAAAg"]
[Wed Oct 30 21:04:03.323563 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-QAAAAs"]
[Wed Oct 30 21:04:03.323633 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QgAAAAg"]
[Wed Oct 30 21:04:03.324045 2024] [:error] [pid 2975098] [client 142.93.12.230:40772] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "ZyKRM4pDoVO-fkMzfHDA-QAAAAs"]
[Wed Oct 30 21:04:03.324124 2024] [:error] [pid 2975138] [client 142.93.12.230:40874] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "ZyKRM9GTI0UdeL8AmPV7QgAAAAg"]
[Wed Oct 30 21:04:05.483594 2024] [:error] [pid 2975125] [client 142.93.12.230:40966] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ZyKRNQzAjc-1DNeFb0Xs6QAAAAY"]
[Wed Oct 30 21:04:05.484348 2024] [:error] [pid 2975125] [client 142.93.12.230:40966] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ZyKRNQzAjc-1DNeFb0Xs6QAAAAY"]
[Wed Oct 30 21:04:05.484824 2024] [:error] [pid 2975125] [client 142.93.12.230:40966] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "ZyKRNQzAjc-1DNeFb0Xs6QAAAAY"]
[Wed Oct 30 21:04:05.969192 2024] [:error] [pid 2975147] [client 142.93.12.230:40992] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRNbQ4oPkqKa9OsrMhNAAAAA0"]
[Wed Oct 30 21:04:05.969891 2024] [:error] [pid 2975147] [client 142.93.12.230:40992] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRNbQ4oPkqKa9OsrMhNAAAAA0"]
[Wed Oct 30 21:04:05.970489 2024] [:error] [pid 2975147] [client 142.93.12.230:40992] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRNbQ4oPkqKa9OsrMhNAAAAA0"]
[Wed Oct 30 21:04:07.618052 2024] [:error] [pid 2975123] [client 142.93.12.230:41030] [client 142.93.12.230] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZyKRNwbkhn-eHTdgQaS2SwAAAAI"]
[Wed Oct 30 21:04:07.619409 2024] [:error] [pid 2975123] [client 142.93.12.230:41030] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZyKRNwbkhn-eHTdgQaS2SwAAAAI"]
[Wed Oct 30 21:04:07.619658 2024] [:error] [pid 2975123] [client 142.93.12.230:41030] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZyKRNwbkhn-eHTdgQaS2SwAAAAI"]
[Wed Oct 30 21:04:07.980593 2024] [:error] [pid 2975149] [client 142.93.12.230:41090] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRN6aenDevrdS5CJEmMQAAAA8"]
[Wed Oct 30 21:04:07.981055 2024] [:error] [pid 2975149] [client 142.93.12.230:41090] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRN6aenDevrdS5CJEmMQAAAA8"]
[Wed Oct 30 21:04:07.981385 2024] [:error] [pid 2975149] [client 142.93.12.230:41090] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKRN6aenDevrdS5CJEmMQAAAA8"]
[Wed Oct 30 21:04:08.168599 2024] [:error] [pid 2975143] [client 142.93.12.230:40788] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROHvqhn4QH8oANzmXuwAAAAk"]
[Wed Oct 30 21:04:08.169395 2024] [:error] [pid 2975143] [client 142.93.12.230:40788] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROHvqhn4QH8oANzmXuwAAAAk"]
[Wed Oct 30 21:04:08.169977 2024] [:error] [pid 2975143] [client 142.93.12.230:40788] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROHvqhn4QH8oANzmXuwAAAAk"]
[Wed Oct 30 21:04:08.429559 2024] [:error] [pid 2975122] [client 142.93.12.230:41038] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKROF5ctFF4U-4U2NyRUwAAAAE"]
[Wed Oct 30 21:04:08.430103 2024] [:error] [pid 2975122] [client 142.93.12.230:41038] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKROF5ctFF4U-4U2NyRUwAAAAE"]
[Wed Oct 30 21:04:08.430582 2024] [:error] [pid 2975122] [client 142.93.12.230:41038] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyKROF5ctFF4U-4U2NyRUwAAAAE"]
[Wed Oct 30 21:04:08.526161 2024] [:error] [pid 2975098] [client 142.93.12.230:40756] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROIpDoVO-fkMzfHDA-gAAAAs"]
[Wed Oct 30 21:04:08.526749 2024] [:error] [pid 2975098] [client 142.93.12.230:40756] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROIpDoVO-fkMzfHDA-gAAAAs"]
[Wed Oct 30 21:04:08.527215 2024] [:error] [pid 2975098] [client 142.93.12.230:40756] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROIpDoVO-fkMzfHDA-gAAAAs"]
[Wed Oct 30 21:04:08.986775 2024] [:error] [pid 2975150] [client 142.93.12.230:41112] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROB-c8Wjlz3LaJ9qR6QAAABA"]
[Wed Oct 30 21:04:08.987553 2024] [:error] [pid 2975150] [client 142.93.12.230:41112] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROB-c8Wjlz3LaJ9qR6QAAABA"]
[Wed Oct 30 21:04:08.988030 2024] [:error] [pid 2975150] [client 142.93.12.230:41112] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROB-c8Wjlz3LaJ9qR6QAAABA"]
[Wed Oct 30 21:04:09.425103 2024] [:error] [pid 2975094] [client 142.93.12.230:41180] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROTFhfEsq4aUE29VdNgAAAAA"]
[Wed Oct 30 21:04:09.425723 2024] [:error] [pid 2975094] [client 142.93.12.230:41180] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROTFhfEsq4aUE29VdNgAAAAA"]
[Wed Oct 30 21:04:09.426173 2024] [:error] [pid 2975094] [client 142.93.12.230:41180] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROTFhfEsq4aUE29VdNgAAAAA"]
[Wed Oct 30 21:04:09.993351 2024] [:error] [pid 2975152] [client 142.93.12.230:41100] [client 142.93.12.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROYhj6yxpTzJ5UBH80gAAABI"]
[Wed Oct 30 21:04:09.994191 2024] [:error] [pid 2975152] [client 142.93.12.230:41100] [client 142.93.12.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROYhj6yxpTzJ5UBH80gAAABI"]
[Wed Oct 30 21:04:09.994715 2024] [:error] [pid 2975152] [client 142.93.12.230:41100] [client 142.93.12.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyKROYhj6yxpTzJ5UBH80gAAABI"]
[Thu Oct 31 11:31:25.380012 2024] [:error] [pid 2981281] [client 185.229.224.230:49283] [client 185.229.224.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyNcfY7QqL7-Sw8LP-jAhAAAAAQ"]
[Thu Oct 31 11:31:25.380727 2024] [:error] [pid 2981281] [client 185.229.224.230:49283] [client 185.229.224.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyNcfY7QqL7-Sw8LP-jAhAAAAAQ"]
[Thu Oct 31 11:31:25.381184 2024] [:error] [pid 2981281] [client 185.229.224.230:49283] [client 185.229.224.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyNcfY7QqL7-Sw8LP-jAhAAAAAQ"]
[Sun Nov 03 02:39:10.456351 2024] [:error] [pid 3055865] [client 45.148.10.206:54250] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZybUPnorPEG-E0kULEglmwAAAAE"]
[Sun Nov 03 02:39:10.459354 2024] [:error] [pid 3055865] [client 45.148.10.206:54250] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZybUPnorPEG-E0kULEglmwAAAAE"]
[Sun Nov 03 02:39:10.459835 2024] [:error] [pid 3055865] [client 45.148.10.206:54250] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZybUPnorPEG-E0kULEglmwAAAAE"]
[Tue Nov 05 17:02:10.638820 2024] [:error] [pid 3101160] [client 64.95.11.36:47386] [client 64.95.11.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZypBgm_pEl2mzRC_koKxZwAAAAU"]
[Tue Nov 05 17:02:10.639631 2024] [:error] [pid 3101160] [client 64.95.11.36:47386] [client 64.95.11.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZypBgm_pEl2mzRC_koKxZwAAAAU"]
[Tue Nov 05 17:02:10.640085 2024] [:error] [pid 3101160] [client 64.95.11.36:47386] [client 64.95.11.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZypBgm_pEl2mzRC_koKxZwAAAAU"]
[Wed Nov 06 01:37:54.790628 2024] [:error] [pid 3120903] [client 104.244.73.136:47976] [client 104.244.73.136] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6YiozqzyeX5panTqg5AAAAAI"]
[Wed Nov 06 01:37:54.794754 2024] [:error] [pid 3120903] [client 104.244.73.136:47976] [client 104.244.73.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6YiozqzyeX5panTqg5AAAAAI"]
[Wed Nov 06 01:37:54.795239 2024] [:error] [pid 3120903] [client 104.244.73.136:47976] [client 104.244.73.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6YiozqzyeX5panTqg5AAAAAI"]
[Wed Nov 06 01:37:55.692336 2024] [:error] [pid 3120870] [client 192.42.116.176:15287] [client 192.42.116.176] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6Y2skubCzkiLy8QnargAAAAA"]
[Wed Nov 06 01:37:55.692970 2024] [:error] [pid 3120870] [client 192.42.116.176:15287] [client 192.42.116.176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6Y2skubCzkiLy8QnargAAAAA"]
[Wed Nov 06 01:37:55.693553 2024] [:error] [pid 3120870] [client 192.42.116.176:15287] [client 192.42.116.176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Zyq6Y2skubCzkiLy8QnargAAAAA"]
[Wed Nov 06 04:33:33.389813 2024] [:error] [pid 3124095] [client 45.148.10.172:48688] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyrjjToVbNW8JKLPQg0yvAAAAAY"]
[Wed Nov 06 04:33:33.390575 2024] [:error] [pid 3124095] [client 45.148.10.172:48688] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyrjjToVbNW8JKLPQg0yvAAAAAY"]
[Wed Nov 06 04:33:33.391010 2024] [:error] [pid 3124095] [client 45.148.10.172:48688] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZyrjjToVbNW8JKLPQg0yvAAAAAY"]
[Wed Nov 06 15:45:42.107687 2024] [proxy_http:error] [pid 3134931] (20014)Internal error (specific information not available): [client 217.71.68.23:58543] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.107700 2024] [proxy_http:error] [pid 3134638] (20014)Internal error (specific information not available): [client 217.71.68.23:27450] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.107778 2024] [proxy_http:error] [pid 3134905] (20014)Internal error (specific information not available): [client 217.71.68.23:52110] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.108188 2024] [proxy_http:error] [pid 3136062] (20014)Internal error (specific information not available): [client 217.71.68.23:51220] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.121837 2024] [proxy_http:error] [pid 3136055] (20014)Internal error (specific information not available): [client 217.71.68.23:41702] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.122590 2024] [proxy_http:error] [pid 3135759] (20014)Internal error (specific information not available): [client 217.71.68.23:15127] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.122795 2024] [proxy_http:error] [pid 3134943] (20014)Internal error (specific information not available): [client 217.71.68.23:19326] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.123479 2024] [proxy_http:error] [pid 3134932] (20014)Internal error (specific information not available): [client 217.71.68.23:59179] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.164773 2024] [proxy:error] [pid 3134915] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.164825 2024] [proxy_http:error] [pid 3134915] [client 217.71.68.23:26518] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.166532 2024] [proxy:error] [pid 3135044] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.166567 2024] [proxy_http:error] [pid 3135044] [client 217.71.68.23:50636] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.177203 2024] [proxy:error] [pid 3134960] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.177226 2024] [proxy_http:error] [pid 3134960] [client 217.71.68.23:52244] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.177485 2024] [proxy:error] [pid 3136078] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.177509 2024] [proxy_http:error] [pid 3136078] [client 217.71.68.23:40420] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.179551 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.179571 2024] [proxy_http:error] [pid 3136059] [client 217.71.68.23:10952] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.187501 2024] [proxy:error] [pid 3136061] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.187522 2024] [proxy_http:error] [pid 3136061] [client 217.71.68.23:29138] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.321116 2024] [proxy:error] [pid 3135786] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.321141 2024] [proxy_http:error] [pid 3135786] [client 217.71.68.23:61856] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:45:42.324264 2024] [proxy:error] [pid 3136060] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:45:42.324285 2024] [proxy_http:error] [pid 3136060] [client 217.71.68.23:49892] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:46:04.217633 2024] [proxy:error] [pid 3136078] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:46:04.217663 2024] [proxy_http:error] [pid 3136078] [client 217.71.68.23:10875] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:46:06.774045 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:46:06.774080 2024] [proxy_http:error] [pid 3136059] [client 217.71.68.23:19102] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:46:07.802328 2024] [proxy:error] [pid 3136061] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:46:07.802366 2024] [proxy_http:error] [pid 3136061] [client 217.71.68.23:8307] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.042119 2024] [proxy_http:error] [pid 3136059] (20014)Internal error (specific information not available): [client 217.71.68.23:17956] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.044073 2024] [proxy_http:error] [pid 3136078] (20014)Internal error (specific information not available): [client 217.71.68.23:56090] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.046294 2024] [proxy_http:error] [pid 3134917] (20014)Internal error (specific information not available): [client 217.71.68.23:33535] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.046612 2024] [proxy:error] [pid 3134917] [client 217.71.68.23:33535] AH00898: Error reading from remote server returned by /rest/attribute-sets/view_economiasolidale/64e5bfb53c77da0696599768, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.047309 2024] [proxy_http:error] [pid 3134960] (20014)Internal error (specific information not available): [client 217.71.68.23:42338] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.048226 2024] [proxy_http:error] [pid 3138302] (20014)Internal error (specific information not available): [client 217.71.68.23:26798] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.049245 2024] [proxy_http:error] [pid 3138304] (20014)Internal error (specific information not available): [client 217.71.68.23:21141] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.070411 2024] [proxy:error] [pid 3134917] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.070442 2024] [proxy_http:error] [pid 3134917] [client 217.71.68.23:33535] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.106712 2024] [proxy:error] [pid 3135786] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.106717 2024] [proxy:error] [pid 3138308] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.106750 2024] [proxy_http:error] [pid 3135786] [client 217.71.68.23:51363] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.106760 2024] [proxy_http:error] [pid 3138308] [client 217.71.68.23:2400] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.109074 2024] [proxy:error] [pid 3136062] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.109098 2024] [proxy_http:error] [pid 3136062] [client 217.71.68.23:45077] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.109135 2024] [proxy:error] [pid 3136057] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.109170 2024] [proxy_http:error] [pid 3136057] [client 217.71.68.23:16863] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.109521 2024] [proxy:error] [pid 3136061] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.109543 2024] [proxy_http:error] [pid 3136061] [client 217.71.68.23:42101] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.125816 2024] [proxy:error] [pid 3134943] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.125843 2024] [proxy_http:error] [pid 3134943] [client 217.71.68.23:36850] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.159194 2024] [proxy:error] [pid 3138294] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.159223 2024] [proxy_http:error] [pid 3138294] [client 217.71.68.23:5073] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.162206 2024] [proxy:error] [pid 3138307] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.162224 2024] [proxy_http:error] [pid 3138307] [client 217.71.68.23:24186] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.164393 2024] [proxy:error] [pid 3136060] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.164411 2024] [proxy_http:error] [pid 3136060] [client 217.71.68.23:61600] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.164867 2024] [proxy:error] [pid 3136078] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.164881 2024] [proxy_http:error] [pid 3136078] [client 217.71.68.23:7350] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.165144 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.165162 2024] [proxy_http:error] [pid 3136059] [client 217.71.68.23:62608] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.187034 2024] [proxy:error] [pid 3134960] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.187079 2024] [proxy_http:error] [pid 3134960] [client 217.71.68.23:28278] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 15:52:58.209602 2024] [proxy:error] [pid 3138304] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 15:52:58.209630 2024] [proxy_http:error] [pid 3138304] [client 217.71.68.23:20116] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.786506 2024] [proxy_http:error] [pid 3139703] (20014)Internal error (specific information not available): [client 80.117.116.250:63184] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.786559 2024] [proxy:error] [pid 3139703] [client 80.117.116.250:63184] AH00898: Error reading from remote server returned by /rest/categories/view_autumnus/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.787369 2024] [proxy_http:error] [pid 3139702] (20014)Internal error (specific information not available): [client 80.117.116.250:63183] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.787393 2024] [proxy_http:error] [pid 3138294] (20014)Internal error (specific information not available): [client 80.117.116.250:63179] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.787784 2024] [proxy_http:error] [pid 3138304] (20014)Internal error (specific information not available): [client 80.117.116.250:63182] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.788113 2024] [proxy_http:error] [pid 3139589] (20014)Internal error (specific information not available): [client 80.117.116.250:63096] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.788388 2024] [proxy_http:error] [pid 3138307] (20014)Internal error (specific information not available): [client 80.117.116.250:63051] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.792960 2024] [proxy_http:error] [pid 3139661] (20014)Internal error (specific information not available): [client 80.117.116.250:63180] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.794265 2024] [proxy_http:error] [pid 3134960] (20014)Internal error (specific information not available): [client 80.117.116.250:63178] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.794884 2024] [proxy_http:error] [pid 3136059] (20014)Internal error (specific information not available): [client 80.117.116.250:63056] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.795527 2024] [proxy_http:error] [pid 3139459] (20014)Internal error (specific information not available): [client 80.117.116.250:63057] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.795542 2024] [proxy:error] [pid 3139459] [client 80.117.116.250:63057] AH00898: Error reading from remote server returned by /rest/attribute-sets/view_forsttrento/6551e400d753997c0d9d6d65, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.796063 2024] [proxy_http:error] [pid 3139608] (20014)Internal error (specific information not available): [client 80.117.116.250:63095] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.796682 2024] [proxy_http:error] [pid 3136057] (20014)Internal error (specific information not available): [client 80.117.116.250:63054] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.824861 2024] [proxy:error] [pid 3139703] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.824893 2024] [proxy_http:error] [pid 3139703] [client 80.117.116.250:63184] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.899218 2024] [proxy:error] [pid 3139704] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.899243 2024] [proxy_http:error] [pid 3139704] [client 80.117.116.250:63197] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.900718 2024] [proxy:error] [pid 3139706] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.900743 2024] [proxy_http:error] [pid 3139706] [client 80.117.116.250:63199] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.901388 2024] [proxy:error] [pid 3136060] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.901405 2024] [proxy_http:error] [pid 3136060] [client 80.117.116.250:63198] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.935264 2024] [proxy:error] [pid 3139589] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.935294 2024] [proxy_http:error] [pid 3139589] [client 80.117.116.250:63202] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:39.974073 2024] [proxy:error] [pid 3138307] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:39.974096 2024] [proxy_http:error] [pid 3138307] [client 80.117.116.250:63203] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.005597 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.005621 2024] [proxy_http:error] [pid 3136059] [client 80.117.116.250:63205] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.016076 2024] [proxy:error] [pid 3139459] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.016103 2024] [proxy_http:error] [pid 3139459] [client 80.117.116.250:63204] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.039015 2024] [proxy:error] [pid 3139608] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.039040 2024] [proxy_http:error] [pid 3139608] [client 80.117.116.250:63206] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.072062 2024] [proxy:error] [pid 3136057] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.072089 2024] [proxy_http:error] [pid 3136057] [client 80.117.116.250:63207] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.090474 2024] [proxy:error] [pid 3138294] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.090498 2024] [proxy_http:error] [pid 3138294] [client 80.117.116.250:63208] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.918347 2024] [proxy:error] [pid 3139708] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.918399 2024] [proxy_http:error] [pid 3139708] [client 80.117.116.250:63201] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:40.919171 2024] [proxy:error] [pid 3139707] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:40.919209 2024] [proxy_http:error] [pid 3139707] [client 80.117.116.250:63200] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:07:57.463132 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:07:57.463163 2024] [proxy_http:error] [pid 3136059] [client 80.117.116.250:63216] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:08:03.030063 2024] [proxy:error] [pid 3139459] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:08:03.030097 2024] [proxy_http:error] [pid 3139459] [client 80.117.116.250:63219] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:08:03.097758 2024] [proxy:error] [pid 3139702] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:08:03.097787 2024] [proxy_http:error] [pid 3139702] [client 80.117.116.250:63225] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.576863 2024] [proxy_http:error] [pid 3138294] (20014)Internal error (specific information not available): [client 80.117.116.250:63224] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.577708 2024] [proxy_http:error] [pid 3139708] (20014)Internal error (specific information not available): [client 80.117.116.250:63236] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.589616 2024] [proxy_http:error] [pid 3139702] (20014)Internal error (specific information not available): [client 80.117.116.250:63241] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.589641 2024] [proxy:error] [pid 3139702] [client 80.117.116.250:63241] AH00898: Error reading from remote server returned by /rest/categories/view_autumnus/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.590440 2024] [proxy_http:error] [pid 3139707] (20014)Internal error (specific information not available): [client 80.117.116.250:63237] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.591151 2024] [proxy_http:error] [pid 3139661] (20014)Internal error (specific information not available): [client 80.117.116.250:63226] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.591434 2024] [proxy_http:error] [pid 3136059] (20014)Internal error (specific information not available): [client 80.117.116.250:63239] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.619838 2024] [proxy:error] [pid 3139702] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.619867 2024] [proxy_http:error] [pid 3139702] [client 80.117.116.250:63241] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.681803 2024] [proxy:error] [pid 3139608] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.681899 2024] [proxy_http:error] [pid 3139608] [client 80.117.116.250:63275] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.686581 2024] [proxy:error] [pid 3134960] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.686604 2024] [proxy_http:error] [pid 3134960] [client 80.117.116.250:63278] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.724481 2024] [proxy:error] [pid 3139459] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.724507 2024] [proxy_http:error] [pid 3139459] [client 80.117.116.250:63276] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.732003 2024] [proxy:error] [pid 3139708] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.732027 2024] [proxy_http:error] [pid 3139708] [client 80.117.116.250:63280] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.796951 2024] [proxy:error] [pid 3136059] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.796975 2024] [proxy_http:error] [pid 3136059] [client 80.117.116.250:63282] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.802880 2024] [proxy:error] [pid 3136057] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.802898 2024] [proxy_http:error] [pid 3136057] [client 80.117.116.250:63277] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.811599 2024] [proxy:error] [pid 3139848] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.811624 2024] [proxy_http:error] [pid 3139848] [client 80.117.116.250:63279] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.815948 2024] [proxy:error] [pid 3139702] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.815965 2024] [proxy_http:error] [pid 3139702] [client 80.117.116.250:63281] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:09:25.831480 2024] [proxy:error] [pid 3139608] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:09:25.831499 2024] [proxy_http:error] [pid 3139608] [client 80.117.116.250:63283] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.099079 2024] [proxy_http:error] [pid 3134960] (20014)Internal error (specific information not available): [client 80.117.116.250:64290] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.100672 2024] [proxy_http:error] [pid 3139702] (20014)Internal error (specific information not available): [client 80.117.116.250:64284] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.100688 2024] [proxy_http:error] [pid 3139608] (20014)Internal error (specific information not available): [client 80.117.116.250:64285] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.311427 2024] [proxy_http:error] [pid 3139708] (20014)Internal error (specific information not available): [client 80.117.116.250:64291] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.311454 2024] [proxy:error] [pid 3139708] [client 80.117.116.250:64291] AH00898: Error reading from remote server returned by /rest/categories/view_autumnus/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.311943 2024] [proxy_http:error] [pid 3136059] (20014)Internal error (specific information not available): [client 80.117.116.250:64350] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.313131 2024] [proxy_http:error] [pid 3139848] (20014)Internal error (specific information not available): [client 80.117.116.250:64349] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.313162 2024] [proxy:error] [pid 3139848] [client 80.117.116.250:64349] AH00898: Error reading from remote server returned by /rest/channels/channelDetails/partners/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.314949 2024] [proxy_http:error] [pid 3139661] (20014)Internal error (specific information not available): [client 80.117.116.250:64287] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:28:36.315686 2024] [proxy_http:error] [pid 3139707] (20014)Internal error (specific information not available): [client 80.117.116.250:64286] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.776740 2024] [proxy_http:error] [pid 3134960] (20014)Internal error (specific information not available): [client 80.117.116.250:64447] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.777808 2024] [proxy_http:error] [pid 3139608] (20014)Internal error (specific information not available): [client 80.117.116.250:64444] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.778560 2024] [proxy_http:error] [pid 3140495] (20014)Internal error (specific information not available): [client 80.117.116.250:64443] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.994421 2024] [proxy_http:error] [pid 3139708] (20014)Internal error (specific information not available): [client 80.117.116.250:64448] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.995317 2024] [proxy_http:error] [pid 3139707] (20014)Internal error (specific information not available): [client 80.117.116.250:64441] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.996000 2024] [proxy_http:error] [pid 3139661] (20014)Internal error (specific information not available): [client 80.117.116.250:64442] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.996637 2024] [proxy_http:error] [pid 3139848] (20014)Internal error (specific information not available): [client 80.117.116.250:64578] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:28.996657 2024] [proxy:error] [pid 3139848] [client 80.117.116.250:64578] AH00898: Error reading from remote server returned by /rest/warehouses/channel/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:29.710756 2024] [proxy:error] [pid 3139702] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:33:29.710782 2024] [proxy_http:error] [pid 3139702] [client 80.117.116.250:64582] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:33:29.767588 2024] [proxy:error] [pid 3134960] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:33:29.767613 2024] [proxy_http:error] [pid 3134960] [client 80.117.116.250:64585] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.668036 2024] [proxy_http:error] [pid 3139661] (20014)Internal error (specific information not available): [client 80.117.116.250:64602] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.668853 2024] [proxy_http:error] [pid 3139707] (20014)Internal error (specific information not available): [client 80.117.116.250:64601] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.675554 2024] [proxy_http:error] [pid 3140737] (20014)Internal error (specific information not available): [client 80.117.116.250:64608] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.675587 2024] [proxy:error] [pid 3140737] [client 80.117.116.250:64608] AH00898: Error reading from remote server returned by /rest/categories/view_autumnus/64e5bfa23c77da0696599767, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.676267 2024] [proxy_http:error] [pid 3134960] (20014)Internal error (specific information not available): [client 80.117.116.250:64605] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.677235 2024] [proxy_http:error] [pid 3139848] (20014)Internal error (specific information not available): [client 80.117.116.250:64603] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.677869 2024] [proxy_http:error] [pid 3139608] (20014)Internal error (specific information not available): [client 80.117.116.250:64604] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.706389 2024] [proxy:error] [pid 3140737] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.706425 2024] [proxy_http:error] [pid 3140737] [client 80.117.116.250:64608] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.750802 2024] [proxy:error] [pid 3138294] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.750875 2024] [proxy_http:error] [pid 3138294] [client 80.117.116.250:64623] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.755975 2024] [proxy:error] [pid 3139702] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.756006 2024] [proxy_http:error] [pid 3139702] [client 80.117.116.250:64624] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.761553 2024] [proxy:error] [pid 3141020] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.761578 2024] [proxy_http:error] [pid 3141020] [client 80.117.116.250:64626] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.763214 2024] [proxy:error] [pid 3141013] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.763238 2024] [proxy_http:error] [pid 3141013] [client 80.117.116.250:64622] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.772915 2024] [proxy:error] [pid 3141022] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.772946 2024] [proxy_http:error] [pid 3141022] [client 80.117.116.250:64625] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.790165 2024] [proxy:error] [pid 3141021] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.790197 2024] [proxy_http:error] [pid 3141021] [client 80.117.116.250:64627] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.833491 2024] [proxy:error] [pid 3140495] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.833525 2024] [proxy_http:error] [pid 3140495] [client 80.117.116.250:64629] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:34:31.833546 2024] [proxy:error] [pid 3140729] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:34:31.833568 2024] [proxy_http:error] [pid 3140729] [client 80.117.116.250:64628] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.893786 2024] [proxy_http:error] [pid 3140729] (20014)Internal error (specific information not available): [client 80.117.116.250:64653] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.895794 2024] [proxy_http:error] [pid 3140495] (20014)Internal error (specific information not available): [client 80.117.116.250:64651] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.895820 2024] [proxy:error] [pid 3140495] [client 80.117.116.250:64651] AH00898: Error reading from remote server returned by /rest/categories/default/62ed13d02477d328814c66ed, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.896547 2024] [proxy_http:error] [pid 3141020] (20014)Internal error (specific information not available): [client 80.117.116.250:64640] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.897203 2024] [proxy_http:error] [pid 3139608] (20014)Internal error (specific information not available): [client 80.117.116.250:64633] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.898112 2024] [proxy_http:error] [pid 3141013] (20014)Internal error (specific information not available): [client 80.117.116.250:64639] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.898125 2024] [proxy_http:error] [pid 3141022] (20014)Internal error (specific information not available): [client 80.117.116.250:64652] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:12.980324 2024] [proxy:error] [pid 3140495] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:36:12.980359 2024] [proxy_http:error] [pid 3140495] [client 80.117.116.250:64651] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:13.768896 2024] [proxy:error] [pid 3138294] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:36:13.768922 2024] [proxy_http:error] [pid 3138294] [client 80.117.116.250:64717] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:36:13.832007 2024] [proxy:error] [pid 3141021] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3000 (127.0.0.1:3000) failed
[Wed Nov 06 16:36:13.832036 2024] [proxy_http:error] [pid 3141021] [client 80.117.116.250:64715] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:38:28.982455 2024] [proxy_http:error] [pid 3136057] (70007)The timeout specified has expired: [client 80.117.116.250:64577] AH01102: error reading status line from remote server 127.0.0.1:3000, referer: https://pms.test.indacotrentino.com/
[Wed Nov 06 16:38:28.982547 2024] [proxy:error] [pid 3136057] [client 80.117.116.250:64577] AH00898: Error reading from remote server returned by /backend, referer: https://pms.test.indacotrentino.com/
[Thu Nov 07 01:26:58.547271 2024] [:error] [pid 3147539] [client 179.43.149.114:45390] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZywJUmz0dDp6pu0IiYxCcQAAAAs"]
[Thu Nov 07 01:26:58.549964 2024] [:error] [pid 3147539] [client 179.43.149.114:45390] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZywJUmz0dDp6pu0IiYxCcQAAAAs"]
[Thu Nov 07 01:26:58.550576 2024] [:error] [pid 3147539] [client 179.43.149.114:45390] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "ZywJUmz0dDp6pu0IiYxCcQAAAAs"]
[Thu Nov 07 01:26:58.593430 2024] [:error] [pid 3147572] [client 179.43.149.114:45398] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZywJUqqAVaV4sXh5xxDgtQAAAAE"]
[Thu Nov 07 01:26:58.593924 2024] [:error] [pid 3147572] [client 179.43.149.114:45398] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZywJUqqAVaV4sXh5xxDgtQAAAAE"]
[Thu Nov 07 01:26:58.594419 2024] [:error] [pid 3147572] [client 179.43.149.114:45398] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "ZywJUqqAVaV4sXh5xxDgtQAAAAE"]
[Thu Nov 07 01:26:58.755606 2024] [:error] [pid 3147541] [client 179.43.149.114:45412] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZywJUhBu-oeYjG34ATP3IQAAAAM"]
[Thu Nov 07 01:26:58.756069 2024] [:error] [pid 3147541] [client 179.43.149.114:45412] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZywJUhBu-oeYjG34ATP3IQAAAAM"]
[Thu Nov 07 01:26:58.756533 2024] [:error] [pid 3147541] [client 179.43.149.114:45412] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "ZywJUhBu-oeYjG34ATP3IQAAAAM"]
[Thu Nov 07 16:27:05.309559 2024] [:error] [pid 3159443] [client 45.148.10.206:58350] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyzcSRmTjcGv_FU_k9B1GQAAAAU"]
[Thu Nov 07 16:27:05.311881 2024] [:error] [pid 3159443] [client 45.148.10.206:58350] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyzcSRmTjcGv_FU_k9B1GQAAAAU"]
[Thu Nov 07 16:27:05.313572 2024] [:error] [pid 3159443] [client 45.148.10.206:58350] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZyzcSRmTjcGv_FU_k9B1GQAAAAU"]
[Fri Nov 08 03:46:58.169039 2024] [:error] [pid 3173237] [client 179.43.149.114:51602] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy17ont0cx6KMM2Kf7HV7QAAAAE"]
[Fri Nov 08 03:46:58.169617 2024] [:error] [pid 3173237] [client 179.43.149.114:51602] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy17ont0cx6KMM2Kf7HV7QAAAAE"]
[Fri Nov 08 03:46:58.170075 2024] [:error] [pid 3173237] [client 179.43.149.114:51602] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy17ont0cx6KMM2Kf7HV7QAAAAE"]
[Fri Nov 08 03:46:58.212939 2024] [:error] [pid 3173297] [client 179.43.149.114:51618] [client 179.43.149.114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.exemple"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Zy17opPNB__TzPMU7SaNAwAAAAU"]
[Fri Nov 08 03:46:58.213456 2024] [:error] [pid 3173297] [client 179.43.149.114:51618] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Zy17opPNB__TzPMU7SaNAwAAAAU"]
[Fri Nov 08 03:46:58.213887 2024] [:error] [pid 3173297] [client 179.43.149.114:51618] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.exemple"] [unique_id "Zy17opPNB__TzPMU7SaNAwAAAAU"]
[Fri Nov 08 03:46:58.344024 2024] [:error] [pid 3173238] [client 179.43.149.114:51658] [client 179.43.149.114] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zy17og02DxhwpOtIN5365QAAAAI"]
[Fri Nov 08 03:46:58.344483 2024] [:error] [pid 3173238] [client 179.43.149.114:51658] [client 179.43.149.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zy17og02DxhwpOtIN5365QAAAAI"]
[Fri Nov 08 03:46:58.344913 2024] [:error] [pid 3173238] [client 179.43.149.114:51658] [client 179.43.149.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Zy17og02DxhwpOtIN5365QAAAAI"]
[Sat Nov 09 13:15:31.551030 2024] [:error] [pid 3197613] [client 179.43.189.138:42242] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy9SY1_8lQDUII8pxCob5gAAAAE"]
[Sat Nov 09 13:15:31.554466 2024] [:error] [pid 3197613] [client 179.43.189.138:42242] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy9SY1_8lQDUII8pxCob5gAAAAE"]
[Sat Nov 09 13:15:31.554695 2024] [:error] [pid 3197613] [client 179.43.189.138:42242] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy9SY1_8lQDUII8pxCob5gAAAAE"]
[Sat Nov 09 13:15:31.584468 2024] [:error] [pid 3197612] [client 179.43.189.138:42254] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy9SY9yV4ogG0i4EOWdmVAAAAAA"]
[Sat Nov 09 13:15:31.585034 2024] [:error] [pid 3197612] [client 179.43.189.138:42254] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy9SY9yV4ogG0i4EOWdmVAAAAAA"]
[Sat Nov 09 13:15:31.585452 2024] [:error] [pid 3197612] [client 179.43.189.138:42254] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zy9SY9yV4ogG0i4EOWdmVAAAAAA"]
[Sat Nov 09 20:39:28.773616 2024] [:error] [pid 3198943] [client 45.148.10.206:60234] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy-6cHdzLahsWaSfigonHQAAAAY"]
[Sat Nov 09 20:39:28.774219 2024] [:error] [pid 3198943] [client 45.148.10.206:60234] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy-6cHdzLahsWaSfigonHQAAAAY"]
[Sat Nov 09 20:39:28.774694 2024] [:error] [pid 3198943] [client 45.148.10.206:60234] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zy-6cHdzLahsWaSfigonHQAAAAY"]
[Sun Nov 10 18:00:39.558778 2024] [:error] [pid 3231366] [client 45.148.10.206:44004] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzDmt3aXq9GF-b66HSv_ywAAAC0"]
[Sun Nov 10 18:00:39.559658 2024] [:error] [pid 3231366] [client 45.148.10.206:44004] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzDmt3aXq9GF-b66HSv_ywAAAC0"]
[Sun Nov 10 18:00:39.560077 2024] [:error] [pid 3231366] [client 45.148.10.206:44004] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzDmt3aXq9GF-b66HSv_ywAAAC0"]
[Mon Nov 11 09:59:38.558577 2024] [:error] [pid 3242328] [client 103.102.230.7:35780] [client 103.102.230.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzHHemKN8a8fzbBmtol5VAAAABA"]
[Mon Nov 11 09:59:38.559228 2024] [:error] [pid 3242328] [client 103.102.230.7:35780] [client 103.102.230.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzHHemKN8a8fzbBmtol5VAAAABA"]
[Mon Nov 11 09:59:38.559735 2024] [:error] [pid 3242328] [client 103.102.230.7:35780] [client 103.102.230.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzHHemKN8a8fzbBmtol5VAAAABA"]
[Wed Nov 13 15:15:06.492424 2024] [:error] [pid 3293209] [client 35.171.47.129:59936] [client 35.171.47.129] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzS0ar_Po6nVH4w0oRTOdQAAAAU"]
[Wed Nov 13 15:15:06.494646 2024] [:error] [pid 3293209] [client 35.171.47.129:59936] [client 35.171.47.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzS0ar_Po6nVH4w0oRTOdQAAAAU"]
[Wed Nov 13 15:15:06.495125 2024] [:error] [pid 3293209] [client 35.171.47.129:59936] [client 35.171.47.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzS0ar_Po6nVH4w0oRTOdQAAAAU"]
[Sun Nov 17 09:05:37.663753 2024] [:error] [pid 3372497] [client 45.148.10.206:34770] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zzmj0Y5DXkzt6b4mqDAWQAAAABI"]
[Sun Nov 17 09:05:37.665246 2024] [:error] [pid 3372497] [client 45.148.10.206:34770] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zzmj0Y5DXkzt6b4mqDAWQAAAABI"]
[Sun Nov 17 09:05:37.665763 2024] [:error] [pid 3372497] [client 45.148.10.206:34770] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zzmj0Y5DXkzt6b4mqDAWQAAAABI"]
[Sun Nov 17 13:30:16.469611 2024] [:error] [pid 3370338] [client 45.148.10.172:43908] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zznh2ItN8Fx1_F3WiUqMPwAAAAc"]
[Sun Nov 17 13:30:16.470379 2024] [:error] [pid 3370338] [client 45.148.10.172:43908] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zznh2ItN8Fx1_F3WiUqMPwAAAAc"]
[Sun Nov 17 13:30:16.470848 2024] [:error] [pid 3370338] [client 45.148.10.172:43908] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zznh2ItN8Fx1_F3WiUqMPwAAAAc"]
[Mon Nov 18 13:10:11.760833 2024] [:error] [pid 3390892] [client 109.205.213.242:49738] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zzsuo6QPRinBm9vo4nRANgAAAAQ"]
[Mon Nov 18 13:10:11.761548 2024] [:error] [pid 3390892] [client 109.205.213.242:49738] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zzsuo6QPRinBm9vo4nRANgAAAAQ"]
[Mon Nov 18 13:10:11.762018 2024] [:error] [pid 3390892] [client 109.205.213.242:49738] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Zzsuo6QPRinBm9vo4nRANgAAAAQ"]
[Mon Nov 18 13:10:12.546206 2024] [:error] [pid 3397390] [client 109.205.213.242:49750] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzsupC-gQ5bb_KHUZ8yLegAAAAg"]
[Mon Nov 18 13:10:12.546883 2024] [:error] [pid 3397390] [client 109.205.213.242:49750] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzsupC-gQ5bb_KHUZ8yLegAAAAg"]
[Mon Nov 18 13:10:12.547361 2024] [:error] [pid 3397390] [client 109.205.213.242:49750] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "ZzsupC-gQ5bb_KHUZ8yLegAAAAg"]
[Mon Nov 18 13:10:13.044854 2024] [:error] [pid 3390891] [client 109.205.213.242:49760] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Zzsupd1Z9snompattk92CgAAAAM"]
[Mon Nov 18 13:10:13.045119 2024] [:error] [pid 3390891] [client 109.205.213.242:49760] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Zzsupd1Z9snompattk92CgAAAAM"]
[Mon Nov 18 13:10:13.045333 2024] [:error] [pid 3390891] [client 109.205.213.242:49760] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Zzsupd1Z9snompattk92CgAAAAM"]
[Mon Nov 18 13:10:13.595310 2024] [:error] [pid 3390890] [client 109.205.213.242:49772] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzsupQASzURO3JgKUNpIIQAAAAI"]
[Mon Nov 18 13:10:13.595736 2024] [:error] [pid 3390890] [client 109.205.213.242:49772] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzsupQASzURO3JgKUNpIIQAAAAI"]
[Mon Nov 18 13:10:13.595976 2024] [:error] [pid 3390890] [client 109.205.213.242:49772] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "ZzsupQASzURO3JgKUNpIIQAAAAI"]
[Mon Nov 18 13:10:14.160774 2024] [:error] [pid 3390889] [client 109.205.213.242:49786] [client 109.205.213.242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Zzsuprrd3yrSwoQ3D9wUuwAAAAE"]
[Mon Nov 18 13:10:14.161174 2024] [:error] [pid 3390889] [client 109.205.213.242:49786] [client 109.205.213.242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Zzsuprrd3yrSwoQ3D9wUuwAAAAE"]
[Mon Nov 18 13:10:14.161441 2024] [:error] [pid 3390889] [client 109.205.213.242:49786] [client 109.205.213.242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "Zzsuprrd3yrSwoQ3D9wUuwAAAAE"]
[Tue Nov 19 21:01:12.181170 2024] [:error] [pid 3412343] [client 45.148.10.122:50620] [client 45.148.10.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzzuiN0YIkxJbgtl7qSj2AAAAAE"]
[Tue Nov 19 21:01:12.181848 2024] [:error] [pid 3412343] [client 45.148.10.122:50620] [client 45.148.10.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzzuiN0YIkxJbgtl7qSj2AAAAAE"]
[Tue Nov 19 21:01:12.182362 2024] [:error] [pid 3412343] [client 45.148.10.122:50620] [client 45.148.10.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "ZzzuiN0YIkxJbgtl7qSj2AAAAAE"]
[Wed Nov 20 03:46:12.813564 2024] [:error] [pid 3432512] [client 103.102.230.7:37896] [client 103.102.230.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1NdLVdLJAhNWjSFbRU7wAAAAQ"]
[Wed Nov 20 03:46:12.814731 2024] [:error] [pid 3432512] [client 103.102.230.7:37896] [client 103.102.230.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1NdLVdLJAhNWjSFbRU7wAAAAQ"]
[Wed Nov 20 03:46:12.815272 2024] [:error] [pid 3432512] [client 103.102.230.7:37896] [client 103.102.230.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1NdLVdLJAhNWjSFbRU7wAAAAQ"]
[Wed Nov 20 05:44:33.499927 2024] [:error] [pid 3432512] [client 103.102.230.7:58618] [client 103.102.230.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1pMbVdLJAhNWjSFbRVDAAAAAQ"]
[Wed Nov 20 05:44:33.500667 2024] [:error] [pid 3432512] [client 103.102.230.7:58618] [client 103.102.230.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1pMbVdLJAhNWjSFbRVDAAAAAQ"]
[Wed Nov 20 05:44:33.501111 2024] [:error] [pid 3432512] [client 103.102.230.7:58618] [client 103.102.230.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Zz1pMbVdLJAhNWjSFbRVDAAAAAQ"]
[Wed Nov 20 22:03:34.344914 2024] [:error] [pid 3432836] [client 179.43.189.138:57274] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmQAAAAY"]
[Wed Nov 20 22:03:34.345422 2024] [:error] [pid 3432836] [client 179.43.189.138:57274] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmQAAAAY"]
[Wed Nov 20 22:03:34.345794 2024] [:error] [pid 3432836] [client 179.43.189.138:57274] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmQAAAAY"]
[Wed Nov 20 22:03:34.346092 2024] [:error] [pid 3432510] [client 179.43.189.138:57276] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSnzwAAAAI"]
[Wed Nov 20 22:03:34.346725 2024] [:error] [pid 3432510] [client 179.43.189.138:57276] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSnzwAAAAI"]
[Wed Nov 20 22:03:34.347221 2024] [:error] [pid 3432510] [client 179.43.189.138:57276] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSnzwAAAAI"]
[Wed Nov 20 22:03:34.349866 2024] [:error] [pid 3437948] [client 179.43.189.138:57280] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SQAAAAg"]
[Wed Nov 20 22:03:34.350554 2024] [:error] [pid 3437948] [client 179.43.189.138:57280] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SQAAAAg"]
[Wed Nov 20 22:03:34.350958 2024] [:error] [pid 3437948] [client 179.43.189.138:57280] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SQAAAAg"]
[Wed Nov 20 22:03:34.354825 2024] [:error] [pid 3432511] [client 179.43.189.138:57296] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zz5OpvEOG8-BSstphSetMwAAAAM"]
[Wed Nov 20 22:03:34.355085 2024] [:error] [pid 3432511] [client 179.43.189.138:57296] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zz5OpvEOG8-BSstphSetMwAAAAM"]
[Wed Nov 20 22:03:34.355274 2024] [:error] [pid 3432511] [client 179.43.189.138:57296] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Zz5OpvEOG8-BSstphSetMwAAAAM"]
[Wed Nov 20 22:03:34.368909 2024] [:error] [pid 3432512] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPQAAAAQ"]
[Wed Nov 20 22:03:34.369334 2024] [:error] [pid 3432512] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPQAAAAQ"]
[Wed Nov 20 22:03:34.369616 2024] [:error] [pid 3432512] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPQAAAAQ"]
[Wed Nov 20 22:03:34.370299 2024] [:error] [pid 3432524] [client 179.43.189.138:57324] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DQAAAAU"]
[Wed Nov 20 22:03:34.370627 2024] [:error] [pid 3432524] [client 179.43.189.138:57324] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DQAAAAU"]
[Wed Nov 20 22:03:34.370835 2024] [:error] [pid 3432524] [client 179.43.189.138:57324] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DQAAAAU"]
[Wed Nov 20 22:03:34.372550 2024] [:error] [pid 3432509] [client 179.43.189.138:57328] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWQAAAAE"]
[Wed Nov 20 22:03:34.372922 2024] [:error] [pid 3432509] [client 179.43.189.138:57328] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWQAAAAE"]
[Wed Nov 20 22:03:34.373226 2024] [:error] [pid 3432509] [client 179.43.189.138:57328] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWQAAAAE"]
[Wed Nov 20 22:03:34.375350 2024] [:error] [pid 3432508] [client 179.43.189.138:57340] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/environment/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YAAAAAA"]
[Wed Nov 20 22:03:34.375613 2024] [:error] [pid 3432508] [client 179.43.189.138:57340] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/environment/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YAAAAAA"]
[Wed Nov 20 22:03:34.375817 2024] [:error] [pid 3432508] [client 179.43.189.138:57340] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/environment/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YAAAAAA"]
[Wed Nov 20 22:03:34.379344 2024] [:error] [pid 3437952] [client 179.43.189.138:57356] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0QAAAAk"]
[Wed Nov 20 22:03:34.379592 2024] [:error] [pid 3437952] [client 179.43.189.138:57356] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0QAAAAk"]
[Wed Nov 20 22:03:34.379791 2024] [:error] [pid 3437952] [client 179.43.189.138:57356] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0QAAAAk"]
[Wed Nov 20 22:03:34.381673 2024] [:error] [pid 3437940] [client 179.43.189.138:57368] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Zz5Opln7EBez1PUTednKpQAAAAc"]
[Wed Nov 20 22:03:34.381975 2024] [:error] [pid 3437940] [client 179.43.189.138:57368] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Zz5Opln7EBez1PUTednKpQAAAAc"]
[Wed Nov 20 22:03:34.382185 2024] [:error] [pid 3437940] [client 179.43.189.138:57368] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "Zz5Opln7EBez1PUTednKpQAAAAc"]
[Wed Nov 20 22:03:34.384662 2024] [:error] [pid 3432836] [client 179.43.189.138:57380] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/env/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmgAAAAY"]
[Wed Nov 20 22:03:34.384973 2024] [:error] [pid 3432836] [client 179.43.189.138:57380] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/env/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmgAAAAY"]
[Wed Nov 20 22:03:34.385215 2024] [:error] [pid 3432836] [client 179.43.189.138:57380] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/env/.env"] [unique_id "Zz5OphXCl2FtfQrz1hPkmgAAAAY"]
[Wed Nov 20 22:03:34.389202 2024] [:error] [pid 3432510] [client 179.43.189.138:57382] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSn0AAAAAI"]
[Wed Nov 20 22:03:34.389433 2024] [:error] [pid 3432510] [client 179.43.189.138:57382] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSn0AAAAAI"]
[Wed Nov 20 22:03:34.389615 2024] [:error] [pid 3432510] [client 179.43.189.138:57382] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Zz5OppNIWEPqCpZJ2OSn0AAAAAI"]
[Wed Nov 20 22:03:34.405655 2024] [:error] [pid 3432512] [client 179.43.189.138:57400] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPgAAAAQ"]
[Wed Nov 20 22:03:34.406146 2024] [:error] [pid 3432512] [client 179.43.189.138:57400] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPgAAAAQ"]
[Wed Nov 20 22:03:34.406462 2024] [:error] [pid 3432512] [client 179.43.189.138:57400] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Zz5OprVdLJAhNWjSFbRVPgAAAAQ"]
[Wed Nov 20 22:03:34.407019 2024] [:error] [pid 3432524] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DgAAAAU"]
[Wed Nov 20 22:03:34.407449 2024] [:error] [pid 3432524] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DgAAAAU"]
[Wed Nov 20 22:03:34.407713 2024] [:error] [pid 3432511] [client 179.43.189.138:57396] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "Zz5OpvEOG8-BSstphSetNAAAAAM"]
[Wed Nov 20 22:03:34.407781 2024] [:error] [pid 3432524] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "Zz5Opq6cv_oxOL4ro9C3DgAAAAU"]
[Wed Nov 20 22:03:34.408091 2024] [:error] [pid 3432511] [client 179.43.189.138:57396] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "Zz5OpvEOG8-BSstphSetNAAAAAM"]
[Wed Nov 20 22:03:34.408377 2024] [:error] [pid 3432511] [client 179.43.189.138:57396] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "Zz5OpvEOG8-BSstphSetNAAAAAM"]
[Wed Nov 20 22:03:34.409731 2024] [:error] [pid 3437948] [client 179.43.189.138:57384] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SgAAAAg"]
[Wed Nov 20 22:03:34.410092 2024] [:error] [pid 3437948] [client 179.43.189.138:57384] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SgAAAAg"]
[Wed Nov 20 22:03:34.410430 2024] [:error] [pid 3437948] [client 179.43.189.138:57384] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "Zz5Oph0PkVhcHywN3vd_SgAAAAg"]
[Wed Nov 20 22:03:34.411261 2024] [:error] [pid 3432509] [client 179.43.189.138:57406] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWgAAAAE"]
[Wed Nov 20 22:03:34.411573 2024] [:error] [pid 3432509] [client 179.43.189.138:57406] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWgAAAAE"]
[Wed Nov 20 22:03:34.411804 2024] [:error] [pid 3432509] [client 179.43.189.138:57406] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Zz5OpgqaIhYhUwB3k80gWgAAAAE"]
[Wed Nov 20 22:03:34.435876 2024] [:error] [pid 3432508] [client 179.43.189.138:57410] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YQAAAAA"]
[Wed Nov 20 22:03:34.436284 2024] [:error] [pid 3432508] [client 179.43.189.138:57410] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YQAAAAA"]
[Wed Nov 20 22:03:34.436600 2024] [:error] [pid 3432508] [client 179.43.189.138:57410] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "Zz5Opv1WQWOOTUAxsO_9YQAAAAA"]
[Wed Nov 20 22:03:34.448603 2024] [:error] [pid 3437952] [client 179.43.189.138:57424] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0gAAAAk"]
[Wed Nov 20 22:03:34.449131 2024] [:error] [pid 3437952] [client 179.43.189.138:57424] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0gAAAAk"]
[Wed Nov 20 22:03:34.449518 2024] [:error] [pid 3437952] [client 179.43.189.138:57424] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Zz5OphJMIISc8jslYUlC0gAAAAk"]
[Sat Nov 23 09:13:14.589462 2024] [:error] [pid 3498455] [client 45.148.10.206:56254] [client 45.148.10.206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0GOmmS9vj_gNQPHhXOzfAAAAAQ"]
[Sat Nov 23 09:13:14.591325 2024] [:error] [pid 3498455] [client 45.148.10.206:56254] [client 45.148.10.206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0GOmmS9vj_gNQPHhXOzfAAAAAQ"]
[Sat Nov 23 09:13:14.591609 2024] [:error] [pid 3498455] [client 45.148.10.206:56254] [client 45.148.10.206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0GOmmS9vj_gNQPHhXOzfAAAAAQ"]
[Wed Nov 27 14:09:42.163247 2024] [:error] [pid 3586430] [client 154.216.17.82:52439] [client 154.216.17.82] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0caFr8Vc5nyfQkwcVtb8AAAAAI"]
[Wed Nov 27 14:09:42.164449 2024] [:error] [pid 3586430] [client 154.216.17.82:52439] [client 154.216.17.82] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0caFr8Vc5nyfQkwcVtb8AAAAAI"]
[Wed Nov 27 14:09:42.164811 2024] [:error] [pid 3586430] [client 154.216.17.82:52439] [client 154.216.17.82] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z0caFr8Vc5nyfQkwcVtb8AAAAAI"]
[Fri Nov 29 00:13:41.641906 2024] [:error] [pid 3628412] [client 179.43.189.138:57090] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sQAAAAM"]
[Fri Nov 29 00:13:41.646763 2024] [:error] [pid 3628411] [client 179.43.189.138:57094] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjAAAAAI"]
[Fri Nov 29 00:13:41.647236 2024] [:error] [pid 3628411] [client 179.43.189.138:57094] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjAAAAAI"]
[Fri Nov 29 00:13:41.647511 2024] [:error] [pid 3628411] [client 179.43.189.138:57094] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjAAAAAI"]
[Fri Nov 29 00:13:41.648473 2024] [:error] [pid 3628412] [client 179.43.189.138:57090] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sQAAAAM"]
[Fri Nov 29 00:13:41.648715 2024] [:error] [pid 3628412] [client 179.43.189.138:57090] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/css../.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sQAAAAM"]
[Fri Nov 29 00:13:41.723686 2024] [:error] [pid 3628413] [client 179.43.189.138:57102] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkgAAAAQ"]
[Fri Nov 29 00:13:41.724252 2024] [:error] [pid 3628413] [client 179.43.189.138:57102] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkgAAAAQ"]
[Fri Nov 29 00:13:41.724701 2024] [:error] [pid 3628413] [client 179.43.189.138:57102] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkgAAAAQ"]
[Fri Nov 29 00:13:41.765740 2024] [:error] [pid 3628423] [client 179.43.189.138:57114] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jAAAAAU"]
[Fri Nov 29 00:13:41.766038 2024] [:error] [pid 3628423] [client 179.43.189.138:57114] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jAAAAAU"]
[Fri Nov 29 00:13:41.766271 2024] [:error] [pid 3628423] [client 179.43.189.138:57114] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jAAAAAU"]
[Fri Nov 29 00:13:41.767862 2024] [:error] [pid 3628621] [client 179.43.189.138:57126] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7QAAAAY"]
[Fri Nov 29 00:13:41.768216 2024] [:error] [pid 3628621] [client 179.43.189.138:57126] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7QAAAAY"]
[Fri Nov 29 00:13:41.768481 2024] [:error] [pid 3628621] [client 179.43.189.138:57126] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static../.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7QAAAAY"]
[Fri Nov 29 00:13:41.779035 2024] [:error] [pid 3628409] [client 179.43.189.138:57142] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbigAAAAA"]
[Fri Nov 29 00:13:41.779450 2024] [:error] [pid 3628409] [client 179.43.189.138:57142] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbigAAAAA"]
[Fri Nov 29 00:13:41.779712 2024] [:error] [pid 3628409] [client 179.43.189.138:57142] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/img../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbigAAAAA"]
[Fri Nov 29 00:13:41.779717 2024] [:error] [pid 3628410] [client 179.43.189.138:57128] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /scripts/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTPzwAAAAE"]
[Fri Nov 29 00:13:41.780096 2024] [:error] [pid 3628410] [client 179.43.189.138:57128] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTPzwAAAAE"]
[Fri Nov 29 00:13:41.780379 2024] [:error] [pid 3628410] [client 179.43.189.138:57128] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTPzwAAAAE"]
[Fri Nov 29 00:13:41.809352 2024] [:error] [pid 3628411] [client 179.43.189.138:57150] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjQAAAAI"]
[Fri Nov 29 00:13:41.809864 2024] [:error] [pid 3628411] [client 179.43.189.138:57150] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjQAAAAI"]
[Fri Nov 29 00:13:41.810323 2024] [:error] [pid 3628411] [client 179.43.189.138:57150] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjQAAAAI"]
[Fri Nov 29 00:13:41.851564 2024] [:error] [pid 3628413] [client 179.43.189.138:57162] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkwAAAAQ"]
[Fri Nov 29 00:13:41.851805 2024] [:error] [pid 3628412] [client 179.43.189.138:57172] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sgAAAAM"]
[Fri Nov 29 00:13:41.851826 2024] [:error] [pid 3628413] [client 179.43.189.138:57162] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkwAAAAQ"]
[Fri Nov 29 00:13:41.852025 2024] [:error] [pid 3628413] [client 179.43.189.138:57162] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURkwAAAAQ"]
[Fri Nov 29 00:13:41.852175 2024] [:error] [pid 3628412] [client 179.43.189.138:57172] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sgAAAAM"]
[Fri Nov 29 00:13:41.852412 2024] [:error] [pid 3628412] [client 179.43.189.138:57172] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3sgAAAAM"]
[Fri Nov 29 00:13:41.861783 2024] [:error] [pid 3628423] [client 179.43.189.138:57176] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /panel/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jQAAAAU"]
[Fri Nov 29 00:13:41.862075 2024] [:error] [pid 3628423] [client 179.43.189.138:57176] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jQAAAAU"]
[Fri Nov 29 00:13:41.862349 2024] [:error] [pid 3628423] [client 179.43.189.138:57176] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jQAAAAU"]
[Fri Nov 29 00:13:41.862729 2024] [:error] [pid 3628621] [client 179.43.189.138:57178] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7gAAAAY"]
[Fri Nov 29 00:13:41.863197 2024] [:error] [pid 3628621] [client 179.43.189.138:57178] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7gAAAAY"]
[Fri Nov 29 00:13:41.863432 2024] [:error] [pid 3628621] [client 179.43.189.138:57178] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7gAAAAY"]
[Fri Nov 29 00:13:41.892395 2024] [:error] [pid 3628409] [client 179.43.189.138:57184] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /template/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbiwAAAAA"]
[Fri Nov 29 00:13:41.892819 2024] [:error] [pid 3628409] [client 179.43.189.138:57184] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbiwAAAAA"]
[Fri Nov 29 00:13:41.893146 2024] [:error] [pid 3628409] [client 179.43.189.138:57184] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbiwAAAAA"]
[Fri Nov 29 00:13:41.936736 2024] [:error] [pid 3628411] [client 179.43.189.138:57208] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /views/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjgAAAAI"]
[Fri Nov 29 00:13:41.937005 2024] [:error] [pid 3628410] [client 179.43.189.138:57194] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /templates/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTP0AAAAAE"]
[Fri Nov 29 00:13:41.937183 2024] [:error] [pid 3628411] [client 179.43.189.138:57208] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjgAAAAI"]
[Fri Nov 29 00:13:41.937551 2024] [:error] [pid 3628411] [client 179.43.189.138:57208] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/views/.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjgAAAAI"]
[Fri Nov 29 00:13:41.937693 2024] [:error] [pid 3628410] [client 179.43.189.138:57194] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTP0AAAAAE"]
[Fri Nov 29 00:13:41.938124 2024] [:error] [pid 3628410] [client 179.43.189.138:57194] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.git/config"] [unique_id "Z0j5JXm8KQSPFke33BTP0AAAAAE"]
[Fri Nov 29 00:13:41.944530 2024] [:error] [pid 3628413] [client 179.43.189.138:57212] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /layout/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURlAAAAAQ"]
[Fri Nov 29 00:13:41.944874 2024] [:error] [pid 3628413] [client 179.43.189.138:57212] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURlAAAAAQ"]
[Fri Nov 29 00:13:41.945114 2024] [:error] [pid 3628413] [client 179.43.189.138:57212] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.git/config"] [unique_id "Z0j5JXuSClf5hqK7deURlAAAAAQ"]
[Fri Nov 29 00:13:41.946023 2024] [:error] [pid 3628412] [client 179.43.189.138:57228] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /uploads/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3swAAAAM"]
[Fri Nov 29 00:13:41.946346 2024] [:error] [pid 3628412] [client 179.43.189.138:57228] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3swAAAAM"]
[Fri Nov 29 00:13:41.946548 2024] [:error] [pid 3628412] [client 179.43.189.138:57228] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.git/config"] [unique_id "Z0j5JZ8TNJfFMxXmIuV3swAAAAM"]
[Fri Nov 29 00:13:41.952125 2024] [:error] [pid 3628621] [client 179.43.189.138:57242] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /js/libs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7wAAAAY"]
[Fri Nov 29 00:13:41.952404 2024] [:error] [pid 3628621] [client 179.43.189.138:57242] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7wAAAAY"]
[Fri Nov 29 00:13:41.952464 2024] [:error] [pid 3628423] [client 179.43.189.138:57256] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jgAAAAU"]
[Fri Nov 29 00:13:41.952679 2024] [:error] [pid 3628621] [client 179.43.189.138:57242] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/libs/.git/config"] [unique_id "Z0j5JVLI-XWAVIgZzuog7wAAAAY"]
[Fri Nov 29 00:13:41.952705 2024] [:error] [pid 3628423] [client 179.43.189.138:57256] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jgAAAAU"]
[Fri Nov 29 00:13:41.952910 2024] [:error] [pid 3628423] [client 179.43.189.138:57256] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/media../.git/config"] [unique_id "Z0j5JQ52qNCqUQPzbEI1jgAAAAU"]
[Fri Nov 29 00:13:41.954444 2024] [:error] [pid 3628409] [client 179.43.189.138:57252] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbjAAAAAA"]
[Fri Nov 29 00:13:41.954684 2024] [:error] [pid 3628409] [client 179.43.189.138:57252] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbjAAAAAA"]
[Fri Nov 29 00:13:41.954879 2024] [:error] [pid 3628409] [client 179.43.189.138:57252] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib../.git/config"] [unique_id "Z0j5JXo9X3eV6ODW5yDbjAAAAAA"]
[Fri Nov 29 00:13:41.991647 2024] [:error] [pid 3628411] [client 179.43.189.138:57268] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjwAAAAI"]
[Fri Nov 29 00:13:41.992061 2024] [:error] [pid 3628411] [client 179.43.189.138:57268] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjwAAAAI"]
[Fri Nov 29 00:13:41.992341 2024] [:error] [pid 3628411] [client 179.43.189.138:57268] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/images../.git/config"] [unique_id "Z0j5Ja4feGBFRzE8C9IKjwAAAAI"]
[Fri Nov 29 00:13:42.020730 2024] [:error] [pid 3628410] [client 179.43.189.138:57284] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /files/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0QAAAAE"]
[Fri Nov 29 00:13:42.021195 2024] [:error] [pid 3628410] [client 179.43.189.138:57284] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0QAAAAE"]
[Fri Nov 29 00:13:42.021254 2024] [:error] [pid 3628413] [client 179.43.189.138:57300] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /resources/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlQAAAAQ"]
[Fri Nov 29 00:13:42.021482 2024] [:error] [pid 3628413] [client 179.43.189.138:57300] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlQAAAAQ"]
[Fri Nov 29 00:13:42.021528 2024] [:error] [pid 3628410] [client 179.43.189.138:57284] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0QAAAAE"]
[Fri Nov 29 00:13:42.021676 2024] [:error] [pid 3628413] [client 179.43.189.138:57300] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlQAAAAQ"]
[Fri Nov 29 00:13:42.033654 2024] [:error] [pid 3628412] [client 179.43.189.138:57306] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tAAAAAM"]
[Fri Nov 29 00:13:42.034744 2024] [:error] [pid 3628423] [client 179.43.189.138:57316] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /extensions/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1jwAAAAU"]
[Fri Nov 29 00:13:42.035081 2024] [:error] [pid 3628423] [client 179.43.189.138:57316] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1jwAAAAU"]
[Fri Nov 29 00:13:42.035326 2024] [:error] [pid 3628423] [client 179.43.189.138:57316] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/extensions/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1jwAAAAU"]
[Fri Nov 29 00:13:42.035334 2024] [:error] [pid 3628621] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8AAAAAY"]
[Fri Nov 29 00:13:42.035620 2024] [:error] [pid 3628621] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8AAAAAY"]
[Fri Nov 29 00:13:42.035828 2024] [:error] [pid 3628621] [client 179.43.189.138:57308] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8AAAAAY"]
[Fri Nov 29 00:13:42.036482 2024] [:error] [pid 3628412] [client 179.43.189.138:57306] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tAAAAAM"]
[Fri Nov 29 00:13:42.036666 2024] [:error] [pid 3628412] [client 179.43.189.138:57306] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tAAAAAM"]
[Fri Nov 29 00:13:42.037327 2024] [:error] [pid 3628409] [client 179.43.189.138:57326] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjQAAAAA"]
[Fri Nov 29 00:13:42.037588 2024] [:error] [pid 3628409] [client 179.43.189.138:57326] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjQAAAAA"]
[Fri Nov 29 00:13:42.037841 2024] [:error] [pid 3628409] [client 179.43.189.138:57326] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjQAAAAA"]
[Fri Nov 29 00:13:42.046965 2024] [:error] [pid 3628411] [client 179.43.189.138:57334] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /drupal/sites/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkAAAAAI"]
[Fri Nov 29 00:13:42.047306 2024] [:error] [pid 3628411] [client 179.43.189.138:57334] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkAAAAAI"]
[Fri Nov 29 00:13:42.047701 2024] [:error] [pid 3628411] [client 179.43.189.138:57334] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/sites/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkAAAAAI"]
[Fri Nov 29 00:13:42.077040 2024] [:error] [pid 3628410] [client 179.43.189.138:57338] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /prestashop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0gAAAAE"]
[Fri Nov 29 00:13:42.077391 2024] [:error] [pid 3628410] [client 179.43.189.138:57338] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0gAAAAE"]
[Fri Nov 29 00:13:42.077670 2024] [:error] [pid 3628410] [client 179.43.189.138:57338] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prestashop/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0gAAAAE"]
[Fri Nov 29 00:13:42.105502 2024] [:error] [pid 3628423] [client 179.43.189.138:57362] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /documentation/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kAAAAAU"]
[Fri Nov 29 00:13:42.105583 2024] [:error] [pid 3628413] [client 179.43.189.138:57352] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /docs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlgAAAAQ"]
[Fri Nov 29 00:13:42.105973 2024] [:error] [pid 3628423] [client 179.43.189.138:57362] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kAAAAAU"]
[Fri Nov 29 00:13:42.106035 2024] [:error] [pid 3628413] [client 179.43.189.138:57352] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlgAAAAQ"]
[Fri Nov 29 00:13:42.106420 2024] [:error] [pid 3628423] [client 179.43.189.138:57362] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/documentation/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kAAAAAU"]
[Fri Nov 29 00:13:42.107409 2024] [:error] [pid 3628413] [client 179.43.189.138:57352] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlgAAAAQ"]
[Fri Nov 29 00:13:42.117118 2024] [:error] [pid 3628412] [client 179.43.189.138:57376] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tQAAAAM"]
[Fri Nov 29 00:13:42.117503 2024] [:error] [pid 3628412] [client 179.43.189.138:57376] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tQAAAAM"]
[Fri Nov 29 00:13:42.117744 2024] [:error] [pid 3628412] [client 179.43.189.138:57376] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tQAAAAM"]
[Fri Nov 29 00:13:42.118204 2024] [:error] [pid 3628409] [client 179.43.189.138:57378] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /lib/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjgAAAAA"]
[Fri Nov 29 00:13:42.118555 2024] [:error] [pid 3628409] [client 179.43.189.138:57378] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjgAAAAA"]
[Fri Nov 29 00:13:42.118820 2024] [:error] [pid 3628409] [client 179.43.189.138:57378] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjgAAAAA"]
[Fri Nov 29 00:13:42.119425 2024] [:error] [pid 3628621] [client 179.43.189.138:57364] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8QAAAAY"]
[Fri Nov 29 00:13:42.119820 2024] [:error] [pid 3628621] [client 179.43.189.138:57364] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8QAAAAY"]
[Fri Nov 29 00:13:42.120128 2024] [:error] [pid 3628621] [client 179.43.189.138:57364] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8QAAAAY"]
[Fri Nov 29 00:13:42.121133 2024] [:error] [pid 3628411] [client 179.43.189.138:57386] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkQAAAAI"]
[Fri Nov 29 00:13:42.121483 2024] [:error] [pid 3628411] [client 179.43.189.138:57386] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkQAAAAI"]
[Fri Nov 29 00:13:42.121763 2024] [:error] [pid 3628411] [client 179.43.189.138:57386] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkQAAAAI"]
[Fri Nov 29 00:13:42.136373 2024] [:error] [pid 3628410] [client 179.43.189.138:57398] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /bower_components/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0wAAAAE"]
[Fri Nov 29 00:13:42.136709 2024] [:error] [pid 3628410] [client 179.43.189.138:57398] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0wAAAAE"]
[Fri Nov 29 00:13:42.136984 2024] [:error] [pid 3628410] [client 179.43.189.138:57398] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bower_components/.git/config"] [unique_id "Z0j5Jnm8KQSPFke33BTP0wAAAAE"]
[Fri Nov 29 00:13:42.161462 2024] [:error] [pid 3628423] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kQAAAAU"]
[Fri Nov 29 00:13:42.161896 2024] [:error] [pid 3628423] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kQAAAAU"]
[Fri Nov 29 00:13:42.162272 2024] [:error] [pid 3628423] [client 179.43.189.138:57404] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z0j5Jg52qNCqUQPzbEI1kQAAAAU"]
[Fri Nov 29 00:13:42.164506 2024] [:error] [pid 3628413] [client 179.43.189.138:57412] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shared/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlwAAAAQ"]
[Fri Nov 29 00:13:42.165655 2024] [:error] [pid 3628413] [client 179.43.189.138:57412] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlwAAAAQ"]
[Fri Nov 29 00:13:42.168726 2024] [:error] [pid 3628413] [client 179.43.189.138:57412] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.git/config"] [unique_id "Z0j5JnuSClf5hqK7deURlwAAAAQ"]
[Fri Nov 29 00:13:42.188456 2024] [:error] [pid 3628412] [client 179.43.189.138:57426] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tgAAAAM"]
[Fri Nov 29 00:13:42.188789 2024] [:error] [pid 3628409] [client 179.43.189.138:57438] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cache/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjwAAAAA"]
[Fri Nov 29 00:13:42.188892 2024] [:error] [pid 3628412] [client 179.43.189.138:57426] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tgAAAAM"]
[Fri Nov 29 00:13:42.189136 2024] [:error] [pid 3628409] [client 179.43.189.138:57438] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjwAAAAA"]
[Fri Nov 29 00:13:42.189166 2024] [:error] [pid 3628412] [client 179.43.189.138:57426] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z0j5Jp8TNJfFMxXmIuV3tgAAAAM"]
[Fri Nov 29 00:13:42.189410 2024] [:error] [pid 3628409] [client 179.43.189.138:57438] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cache/.git/config"] [unique_id "Z0j5Jno9X3eV6ODW5yDbjwAAAAA"]
[Fri Nov 29 00:13:42.196495 2024] [:error] [pid 3628621] [client 179.43.189.138:57442] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dist/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8gAAAAY"]
[Fri Nov 29 00:13:42.196841 2024] [:error] [pid 3628621] [client 179.43.189.138:57442] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8gAAAAY"]
[Fri Nov 29 00:13:42.197088 2024] [:error] [pid 3628621] [client 179.43.189.138:57442] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z0j5JlLI-XWAVIgZzuog8gAAAAY"]
[Fri Nov 29 00:13:42.199881 2024] [:error] [pid 3628411] [client 179.43.189.138:57450] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /env/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkgAAAAI"]
[Fri Nov 29 00:13:42.200297 2024] [:error] [pid 3628411] [client 179.43.189.138:57450] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkgAAAAI"]
[Fri Nov 29 00:13:42.200596 2024] [:error] [pid 3628411] [client 179.43.189.138:57450] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.git/config"] [unique_id "Z0j5Jq4feGBFRzE8C9IKkgAAAAI"]
[Fri Nov 29 00:13:43.679763 2024] [:error] [pid 3628410] [client 179.43.189.138:57452] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "Z0j5J3m8KQSPFke33BTP1AAAAAE"]
[Fri Nov 29 00:13:43.680558 2024] [:error] [pid 3628410] [client 179.43.189.138:57452] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "Z0j5J3m8KQSPFke33BTP1AAAAAE"]
[Fri Nov 29 00:13:43.681168 2024] [:error] [pid 3628410] [client 179.43.189.138:57452] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets../.git/config"] [unique_id "Z0j5J3m8KQSPFke33BTP1AAAAAE"]
[Fri Nov 29 00:13:45.621387 2024] [:error] [pid 3628423] [client 179.43.189.138:57454] [client 179.43.189.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "Z0j5KQ52qNCqUQPzbEI1kgAAAAU"]
[Fri Nov 29 00:13:45.621659 2024] [:error] [pid 3628423] [client 179.43.189.138:57454] [client 179.43.189.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "Z0j5KQ52qNCqUQPzbEI1kgAAAAU"]
[Fri Nov 29 00:13:45.621867 2024] [:error] [pid 3628423] [client 179.43.189.138:57454] [client 179.43.189.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/events../.git/config"] [unique_id "Z0j5KQ52qNCqUQPzbEI1kgAAAAU"]
[Sun Dec 01 06:19:21.062623 2024] [:error] [pid 3676062] [client 35.159.63.21:58126] [client 35.159.63.21] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0vx2ZwQ77eSx5IObp-1vgAAAAg"]
[Sun Dec 01 06:19:21.063691 2024] [:error] [pid 3676062] [client 35.159.63.21:58126] [client 35.159.63.21] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0vx2ZwQ77eSx5IObp-1vgAAAAg"]
[Sun Dec 01 06:19:21.063962 2024] [:error] [pid 3676062] [client 35.159.63.21:58126] [client 35.159.63.21] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z0vx2ZwQ77eSx5IObp-1vgAAAAg"]
[Wed Dec 11 00:01:24.716516 2024] [:error] [pid 3886383] [client 18.156.35.7:57834] [client 18.156.35.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jIRJ6iMfaO2lI_odrCNQAAAAE"]
[Wed Dec 11 00:01:24.717660 2024] [:error] [pid 3886383] [client 18.156.35.7:57834] [client 18.156.35.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jIRJ6iMfaO2lI_odrCNQAAAAE"]
[Wed Dec 11 00:01:24.717938 2024] [:error] [pid 3886383] [client 18.156.35.7:57834] [client 18.156.35.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jIRJ6iMfaO2lI_odrCNQAAAAE"]
[Wed Dec 11 01:15:17.169639 2024] [:error] [pid 3886385] [client 103.102.230.8:40310] [client 103.102.230.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jZlc_K5tN6Qxq7Kpw6-AAAAAM"]
[Wed Dec 11 01:15:17.170393 2024] [:error] [pid 3886385] [client 103.102.230.8:40310] [client 103.102.230.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jZlc_K5tN6Qxq7Kpw6-AAAAAM"]
[Wed Dec 11 01:15:17.170829 2024] [:error] [pid 3886385] [client 103.102.230.8:40310] [client 103.102.230.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z1jZlc_K5tN6Qxq7Kpw6-AAAAAM"]
[Mon Dec 30 03:02:40.965485 2024] [authz_core:error] [pid 135543] [client 167.99.182.39:36062] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Dec 30 03:02:41.938873 2024] [:error] [pid 135567] [client 167.99.182.39:36084] [client 167.99.182.39] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z3H_QXzb8KRxgJmseY93ywAAAA4"]
[Mon Dec 30 03:02:41.939468 2024] [:error] [pid 135567] [client 167.99.182.39:36084] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z3H_QXzb8KRxgJmseY93ywAAAA4"]
[Mon Dec 30 03:02:41.940143 2024] [:error] [pid 135567] [client 167.99.182.39:36084] [client 167.99.182.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z3H_QXzb8KRxgJmseY93ywAAAA4"]
[Mon Dec 30 03:02:42.262622 2024] [:error] [pid 135569] [client 167.99.182.39:36094] [client 167.99.182.39] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3H_QpzGejKJeqTP-gTpNwAAABA"]
[Mon Dec 30 03:02:42.263254 2024] [:error] [pid 135569] [client 167.99.182.39:36094] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3H_QpzGejKJeqTP-gTpNwAAABA"]
[Mon Dec 30 03:02:42.263754 2024] [:error] [pid 135569] [client 167.99.182.39:36094] [client 167.99.182.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3H_QpzGejKJeqTP-gTpNwAAABA"]
[Mon Dec 30 03:02:42.585462 2024] [:error] [pid 135571] [client 167.99.182.39:36100] [client 167.99.182.39] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3H_QhG6k9y2eDGmW5bjswAAABI"]
[Mon Dec 30 03:02:42.586054 2024] [:error] [pid 135571] [client 167.99.182.39:36100] [client 167.99.182.39] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3H_QhG6k9y2eDGmW5bjswAAABI"]
[Mon Dec 30 03:02:42.586591 2024] [:error] [pid 135571] [client 167.99.182.39:36100] [client 167.99.182.39] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3H_QhG6k9y2eDGmW5bjswAAABI"]
[Mon Dec 30 10:12:55.202294 2024] [:error] [pid 135567] [client 213.152.176.252:59505] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3JkF3zb8KRxgJmseY934AAAAA4"]
[Mon Dec 30 10:12:55.202805 2024] [:error] [pid 135567] [client 213.152.176.252:59505] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3JkF3zb8KRxgJmseY934AAAAA4"]
[Mon Dec 30 10:12:55.203229 2024] [:error] [pid 135567] [client 213.152.176.252:59505] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3JkF3zb8KRxgJmseY934AAAAA4"]
[Mon Dec 30 10:12:55.206322 2024] [:error] [pid 135570] [client 213.152.176.252:56021] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z3JkF8ZsCcvj_sdWRK9tTgAAABE"]
[Mon Dec 30 10:12:55.206931 2024] [:error] [pid 135570] [client 213.152.176.252:56021] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z3JkF8ZsCcvj_sdWRK9tTgAAABE"]
[Mon Dec 30 10:12:55.207262 2024] [:error] [pid 135570] [client 213.152.176.252:56021] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z3JkF8ZsCcvj_sdWRK9tTgAAABE"]
[Mon Dec 30 10:12:55.207760 2024] [:error] [pid 135573] [client 213.152.176.252:29175] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzRwAAABQ"]
[Mon Dec 30 10:12:55.208500 2024] [:error] [pid 135573] [client 213.152.176.252:29175] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzRwAAABQ"]
[Mon Dec 30 10:12:55.208907 2024] [:error] [pid 135573] [client 213.152.176.252:29175] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzRwAAABQ"]
[Mon Dec 30 10:12:55.210998 2024] [:error] [pid 135543] [client 213.152.176.252:22967] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z3JkFwsKCdEAF535Xf-FoAAAAAQ"]
[Mon Dec 30 10:12:55.211281 2024] [:error] [pid 135543] [client 213.152.176.252:22967] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z3JkFwsKCdEAF535Xf-FoAAAAAQ"]
[Mon Dec 30 10:12:55.211458 2024] [:error] [pid 135543] [client 213.152.176.252:22967] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z3JkFwsKCdEAF535Xf-FoAAAAAQ"]
[Mon Dec 30 10:12:55.211467 2024] [:error] [pid 135569] [client 213.152.176.252:62775] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z3JkF5zGejKJeqTP-gTpSAAAABA"]
[Mon Dec 30 10:12:55.211712 2024] [:error] [pid 135569] [client 213.152.176.252:62775] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z3JkF5zGejKJeqTP-gTpSAAAABA"]
[Mon Dec 30 10:12:55.211878 2024] [:error] [pid 135569] [client 213.152.176.252:62775] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z3JkF5zGejKJeqTP-gTpSAAAABA"]
[Mon Dec 30 10:12:55.213675 2024] [:error] [pid 135565] [client 213.152.176.252:36149] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjAAAAAw"]
[Mon Dec 30 10:12:55.213962 2024] [:error] [pid 135565] [client 213.152.176.252:36149] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjAAAAAw"]
[Mon Dec 30 10:12:55.214200 2024] [:error] [pid 135565] [client 213.152.176.252:36149] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjAAAAAw"]
[Mon Dec 30 10:12:55.305910 2024] [:error] [pid 135567] [client 213.152.176.252:32925] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z3JkF3zb8KRxgJmseY934QAAAA4"]
[Mon Dec 30 10:12:55.306333 2024] [:error] [pid 135567] [client 213.152.176.252:32925] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z3JkF3zb8KRxgJmseY934QAAAA4"]
[Mon Dec 30 10:12:55.306618 2024] [:error] [pid 135543] [client 213.152.176.252:57349] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z3JkFwsKCdEAF535Xf-FoQAAAAQ"]
[Mon Dec 30 10:12:55.307343 2024] [:error] [pid 135543] [client 213.152.176.252:57349] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z3JkFwsKCdEAF535Xf-FoQAAAAQ"]
[Mon Dec 30 10:12:55.307777 2024] [:error] [pid 135543] [client 213.152.176.252:57349] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z3JkFwsKCdEAF535Xf-FoQAAAAQ"]
[Mon Dec 30 10:12:55.310877 2024] [:error] [pid 135573] [client 213.152.176.252:53201] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSAAAABQ"]
[Mon Dec 30 10:12:55.311283 2024] [:error] [pid 135573] [client 213.152.176.252:53201] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSAAAABQ"]
[Mon Dec 30 10:12:55.311681 2024] [:error] [pid 135573] [client 213.152.176.252:53201] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSAAAABQ"]
[Mon Dec 30 10:12:55.306610 2024] [:error] [pid 135567] [client 213.152.176.252:32925] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z3JkF3zb8KRxgJmseY934QAAAA4"]
[Mon Dec 30 10:12:55.311959 2024] [:error] [pid 135573] [client 213.152.176.252:53201] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSAAAABQ"]
[Mon Dec 30 10:12:55.417111 2024] [authz_core:error] [pid 135567] [client 213.152.176.252:48901] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Dec 30 10:12:55.435006 2024] [:error] [pid 135564] [client 213.152.176.252:41083] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z3JkF9KE20tyYF1f-KPhuQAAAAs"]
[Mon Dec 30 10:12:55.435285 2024] [:error] [pid 135564] [client 213.152.176.252:41083] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z3JkF9KE20tyYF1f-KPhuQAAAAs"]
[Mon Dec 30 10:12:55.435506 2024] [:error] [pid 135564] [client 213.152.176.252:41083] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z3JkF9KE20tyYF1f-KPhuQAAAAs"]
[Mon Dec 30 10:12:55.443205 2024] [:error] [pid 135573] [client 213.152.176.252:57531] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSQAAABQ"]
[Mon Dec 30 10:12:55.443448 2024] [:error] [pid 135573] [client 213.152.176.252:57531] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSQAAABQ"]
[Mon Dec 30 10:12:55.443586 2024] [:error] [pid 135573] [client 213.152.176.252:57531] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSQAAABQ"]
[Mon Dec 30 10:12:55.497258 2024] [:error] [pid 135539] [client 213.152.176.252:54073] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3JkF4PgXbY9PR0iD-nivgAAAAA"]
[Mon Dec 30 10:12:55.497747 2024] [:error] [pid 135539] [client 213.152.176.252:54073] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3JkF4PgXbY9PR0iD-nivgAAAAA"]
[Mon Dec 30 10:12:55.498194 2024] [:error] [pid 135539] [client 213.152.176.252:54073] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3JkF4PgXbY9PR0iD-nivgAAAAA"]
[Mon Dec 30 10:12:55.500971 2024] [:error] [pid 135567] [client 213.152.176.252:40141] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z3JkF3zb8KRxgJmseY934wAAAA4"]
[Mon Dec 30 10:12:55.501726 2024] [:error] [pid 135567] [client 213.152.176.252:40141] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z3JkF3zb8KRxgJmseY934wAAAA4"]
[Mon Dec 30 10:12:55.502163 2024] [:error] [pid 135567] [client 213.152.176.252:40141] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z3JkF3zb8KRxgJmseY934wAAAA4"]
[Mon Dec 30 10:12:55.505381 2024] [:error] [pid 135565] [client 213.152.176.252:22839] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjwAAAAw"]
[Mon Dec 30 10:12:55.505751 2024] [:error] [pid 135565] [client 213.152.176.252:22839] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjwAAAAw"]
[Mon Dec 30 10:12:55.505948 2024] [:error] [pid 135565] [client 213.152.176.252:22839] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z3JkF5zgaVMtp564uKwzjwAAAAw"]
[Mon Dec 30 10:12:55.531742 2024] [:error] [pid 135569] [client 213.152.176.252:2725] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z3JkF5zGejKJeqTP-gTpSwAAABA"]
[Mon Dec 30 10:12:55.533285 2024] [:error] [pid 135573] [client 213.152.176.252:11275] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSgAAABQ"]
[Mon Dec 30 10:12:55.533541 2024] [:error] [pid 135573] [client 213.152.176.252:11275] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSgAAABQ"]
[Mon Dec 30 10:12:55.533772 2024] [:error] [pid 135573] [client 213.152.176.252:11275] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z3JkF5Yl2GjA6WDZA9pzSgAAABQ"]
[Mon Dec 30 10:12:55.535608 2024] [:error] [pid 137539] [client 213.152.176.252:51731] [client 213.152.176.252] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z3JkFx1QxdulRJf95GGeAAAAAAE"]
[Mon Dec 30 10:12:55.535697 2024] [:error] [pid 135560] [client 213.152.176.252:21845] [client 213.152.176.252] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z3JkF1RHHf7r0I-OjMDOywAAAAc"]
[Mon Dec 30 10:12:55.535846 2024] [:error] [pid 137539] [client 213.152.176.252:51731] [client 213.152.176.252] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z3JkFx1QxdulRJf95GGeAAAAAAE"]
[Mon Dec 30 10:12:55.536105 2024] [:error] [pid 137539] [client 213.152.176.252:51731] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z3JkFx1QxdulRJf95GGeAAAAAAE"]
[Mon Dec 30 10:12:55.536104 2024] [:error] [pid 135560] [client 213.152.176.252:21845] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z3JkF1RHHf7r0I-OjMDOywAAAAc"]
[Mon Dec 30 10:12:55.536370 2024] [:error] [pid 137539] [client 213.152.176.252:51731] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z3JkFx1QxdulRJf95GGeAAAAAAE"]
[Mon Dec 30 10:12:55.536496 2024] [:error] [pid 135560] [client 213.152.176.252:21845] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z3JkF1RHHf7r0I-OjMDOywAAAAc"]
[Mon Dec 30 10:12:55.537195 2024] [:error] [pid 135569] [client 213.152.176.252:2725] [client 213.152.176.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z3JkF5zGejKJeqTP-gTpSwAAABA"]
[Mon Dec 30 10:12:55.537435 2024] [:error] [pid 135569] [client 213.152.176.252:2725] [client 213.152.176.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z3JkF5zGejKJeqTP-gTpSwAAABA"]
[Mon Dec 30 16:47:51.352862 2024] [:error] [pid 135560] [client 45.148.10.86:50062] [client 45.148.10.86] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3LAp1RHHf7r0I-OjMDO2AAAAAc"]
[Mon Dec 30 16:47:51.353702 2024] [:error] [pid 135560] [client 45.148.10.86:50062] [client 45.148.10.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3LAp1RHHf7r0I-OjMDO2AAAAAc"]
[Mon Dec 30 16:47:51.354145 2024] [:error] [pid 135560] [client 45.148.10.86:50062] [client 45.148.10.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3LAp1RHHf7r0I-OjMDO2AAAAAc"]
[Mon Dec 30 17:38:15.650791 2024] [:error] [pid 135569] [client 45.148.10.172:41080] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3LMd5zGejKJeqTP-gTpWwAAABA"]
[Mon Dec 30 17:38:15.651455 2024] [:error] [pid 135569] [client 45.148.10.172:41080] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3LMd5zGejKJeqTP-gTpWwAAABA"]
[Mon Dec 30 17:38:15.652002 2024] [:error] [pid 135569] [client 45.148.10.172:41080] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3LMd5zGejKJeqTP-gTpWwAAABA"]
[Tue Dec 31 00:36:27.515970 2024] [:error] [pid 154548] [client 207.32.217.247:35832] [client 207.32.217.247] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3Mue7yfj5sMhs9iWLV7xgAAAAE"]
[Tue Dec 31 00:36:27.516617 2024] [:error] [pid 154548] [client 207.32.217.247:35832] [client 207.32.217.247] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3Mue7yfj5sMhs9iWLV7xgAAAAE"]
[Tue Dec 31 00:36:27.517061 2024] [:error] [pid 154548] [client 207.32.217.247:35832] [client 207.32.217.247] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3Mue7yfj5sMhs9iWLV7xgAAAAE"]
[Tue Dec 31 02:38:25.523156 2024] [:error] [pid 154526] [client 45.148.10.172:53206] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3NLEa8w4Q567WJFeGTQewAAAAs"]
[Tue Dec 31 02:38:25.524023 2024] [:error] [pid 154526] [client 45.148.10.172:53206] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3NLEa8w4Q567WJFeGTQewAAAAs"]
[Tue Dec 31 02:38:25.524400 2024] [:error] [pid 154526] [client 45.148.10.172:53206] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3NLEa8w4Q567WJFeGTQewAAAAs"]
[Tue Dec 31 10:58:38.498494 2024] [:error] [pid 158616] [client 154.216.16.113:64039] [client 154.216.16.113] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3PAThL_0vHf-LQpHA-qCAAAABA"]
[Tue Dec 31 10:58:38.499364 2024] [:error] [pid 158616] [client 154.216.16.113:64039] [client 154.216.16.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3PAThL_0vHf-LQpHA-qCAAAABA"]
[Tue Dec 31 10:58:38.499879 2024] [:error] [pid 158616] [client 154.216.16.113:64039] [client 154.216.16.113] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3PAThL_0vHf-LQpHA-qCAAAABA"]
[Tue Dec 31 15:37:02.336439 2024] [:error] [pid 158613] [client 45.148.10.86:44130] [client 45.148.10.86] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3QBjl-BYu55Murgp4-7LQAAAAs"]
[Tue Dec 31 15:37:02.337252 2024] [:error] [pid 158613] [client 45.148.10.86:44130] [client 45.148.10.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3QBjl-BYu55Murgp4-7LQAAAAs"]
[Tue Dec 31 15:37:02.337714 2024] [:error] [pid 158613] [client 45.148.10.86:44130] [client 45.148.10.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3QBjl-BYu55Murgp4-7LQAAAAs"]
[Tue Dec 31 21:18:04.025000 2024] [:error] [pid 158586] [client 93.123.109.193:45646] [client 93.123.109.193] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3RRfOsnglL_Enj0wUUJvwAAACg"]
[Tue Dec 31 21:18:04.025289 2024] [:error] [pid 158586] [client 93.123.109.193:45646] [client 93.123.109.193] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3RRfOsnglL_Enj0wUUJvwAAACg"]
[Tue Dec 31 21:18:04.025467 2024] [:error] [pid 158586] [client 93.123.109.193:45646] [client 93.123.109.193] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3RRfOsnglL_Enj0wUUJvwAAACg"]
[Thu Jan 02 18:56:19.875329 2025] [:error] [pid 202488] [client 13.203.154.127:46688] [client 13.203.154.127] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3bTQyFP2_vrs-S7rXrTygAAAA0"]
[Thu Jan 02 18:56:19.877711 2025] [:error] [pid 202488] [client 13.203.154.127:46688] [client 13.203.154.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3bTQyFP2_vrs-S7rXrTygAAAA0"]
[Thu Jan 02 18:56:19.878203 2025] [:error] [pid 202488] [client 13.203.154.127:46688] [client 13.203.154.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3bTQyFP2_vrs-S7rXrTygAAAA0"]
[Fri Jan 03 20:30:19.922842 2025] [:error] [pid 222322] [client 103.150.186.126:58418] [client 103.150.186.126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3g6y4WTwKw3vGpCHKiR1AAAAAU"]
[Fri Jan 03 20:30:19.923671 2025] [:error] [pid 222322] [client 103.150.186.126:58418] [client 103.150.186.126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3g6y4WTwKw3vGpCHKiR1AAAAAU"]
[Fri Jan 03 20:30:19.924250 2025] [:error] [pid 222322] [client 103.150.186.126:58418] [client 103.150.186.126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3g6y4WTwKw3vGpCHKiR1AAAAAU"]
[Sat Jan 04 10:00:21.845500 2025] [:error] [pid 243649] [client 194.88.99.89:56848] [client 194.88.99.89] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3j4pVq0fqTL7rTndjS_SQAAAAU"], referer: http://pms.test.indacotrentino.com:80/.env
[Sat Jan 04 10:00:21.846730 2025] [:error] [pid 243649] [client 194.88.99.89:56848] [client 194.88.99.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3j4pVq0fqTL7rTndjS_SQAAAAU"], referer: http://pms.test.indacotrentino.com:80/.env
[Sat Jan 04 10:00:21.847073 2025] [:error] [pid 243649] [client 194.88.99.89:56848] [client 194.88.99.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3j4pVq0fqTL7rTndjS_SQAAAAU"], referer: http://pms.test.indacotrentino.com:80/.env
[Sun Jan 05 11:48:13.071680 2025] [:error] [pid 265376] [client 13.203.154.127:53656] [client 13.203.154.127] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3pjbR9oJBZiN5YoBQCPzQAAAAk"]
[Sun Jan 05 11:48:13.072588 2025] [:error] [pid 265376] [client 13.203.154.127:53656] [client 13.203.154.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3pjbR9oJBZiN5YoBQCPzQAAAAk"]
[Sun Jan 05 11:48:13.073058 2025] [:error] [pid 265376] [client 13.203.154.127:53656] [client 13.203.154.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3pjbR9oJBZiN5YoBQCPzQAAAAk"]
[Sun Jan 05 18:09:53.333979 2025] [:error] [pid 265379] [client 43.201.65.78:51840] [client 43.201.65.78] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3q84WUpbbDmgnmLJ8VOgAAAAAw"]
[Sun Jan 05 18:09:53.334681 2025] [:error] [pid 265379] [client 43.201.65.78:51840] [client 43.201.65.78] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3q84WUpbbDmgnmLJ8VOgAAAAAw"]
[Sun Jan 05 18:09:53.335098 2025] [:error] [pid 265379] [client 43.201.65.78:51840] [client 43.201.65.78] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3q84WUpbbDmgnmLJ8VOgAAAAAw"]
[Sun Jan 05 19:10:15.325181 2025] [:error] [pid 265393] [client 45.130.203.185:33199] [client 45.130.203.185] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLB2IS553zFSWqHzc22wAAAAI"]
[Sun Jan 05 19:10:15.325666 2025] [:error] [pid 265393] [client 45.130.203.185:33199] [client 45.130.203.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLB2IS553zFSWqHzc22wAAAAI"]
[Sun Jan 05 19:10:15.326131 2025] [:error] [pid 265393] [client 45.130.203.185:33199] [client 45.130.203.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3rLB2IS553zFSWqHzc22wAAAAI"]
[Sun Jan 05 22:36:20.439700 2025] [:error] [pid 265376] [client 54.227.76.10:48632] [client 54.227.76.10] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3r7VB9oJBZiN5YoBQCP5AAAAAk"]
[Sun Jan 05 22:36:20.440115 2025] [:error] [pid 265376] [client 54.227.76.10:48632] [client 54.227.76.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3r7VB9oJBZiN5YoBQCP5AAAAAk"]
[Sun Jan 05 22:36:20.440303 2025] [:error] [pid 265376] [client 54.227.76.10:48632] [client 54.227.76.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z3r7VB9oJBZiN5YoBQCP5AAAAAk"]
[Mon Jan 06 11:18:33.190938 2025] [:error] [pid 286471] [client 45.130.203.237:24955] [client 45.130.203.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-fkM3abCDjp4knqROwAAAAU"]
[Mon Jan 06 11:18:33.191474 2025] [:error] [pid 286471] [client 45.130.203.237:24955] [client 45.130.203.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-fkM3abCDjp4knqROwAAAAU"]
[Mon Jan 06 11:18:33.191939 2025] [:error] [pid 286471] [client 45.130.203.237:24955] [client 45.130.203.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z3ut-fkM3abCDjp4knqROwAAAAU"]
[Mon Jan 06 12:04:34.595773 2025] [:error] [pid 287916] [client 45.130.203.193:61815] [client 45.130.203.193] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4wtC8EdcJpJkbF48hZAAAAAY"]
[Mon Jan 06 12:04:34.596300 2025] [:error] [pid 287916] [client 45.130.203.193:61815] [client 45.130.203.193] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4wtC8EdcJpJkbF48hZAAAAAY"]
[Mon Jan 06 12:04:34.596770 2025] [:error] [pid 287916] [client 45.130.203.193:61815] [client 45.130.203.193] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z3u4wtC8EdcJpJkbF48hZAAAAAY"]
[Tue Jan 07 21:11:06.311225 2025] [:error] [pid 322329] [client 64.95.13.45:57314] [client 64.95.13.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z32KWsHHEv2kOJu8yu-lewAAAAg"]
[Tue Jan 07 21:11:06.313378 2025] [:error] [pid 322329] [client 64.95.13.45:57314] [client 64.95.13.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z32KWsHHEv2kOJu8yu-lewAAAAg"]
[Tue Jan 07 21:11:06.313873 2025] [:error] [pid 322329] [client 64.95.13.45:57314] [client 64.95.13.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z32KWsHHEv2kOJu8yu-lewAAAAg"]
[Sat Jan 11 23:39:48.546031 2025] [:error] [pid 412073] [client 34.209.141.8:52822] [client 34.209.141.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4LzNLaN1YzbE6nP5Z67FQAAAAc"]
[Sat Jan 11 23:39:48.547904 2025] [:error] [pid 412073] [client 34.209.141.8:52822] [client 34.209.141.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4LzNLaN1YzbE6nP5Z67FQAAAAc"]
[Sat Jan 11 23:39:48.548327 2025] [:error] [pid 412073] [client 34.209.141.8:52822] [client 34.209.141.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4LzNLaN1YzbE6nP5Z67FQAAAAc"]
[Sun Jan 12 03:52:01.414107 2025] [:error] [pid 416184] [client 109.205.213.58:50720] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4MuUSrMBb5jmSOFZpL5GQAAAAA"]
[Sun Jan 12 03:52:01.415025 2025] [:error] [pid 416184] [client 109.205.213.58:50720] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4MuUSrMBb5jmSOFZpL5GQAAAAA"]
[Sun Jan 12 03:52:01.415501 2025] [:error] [pid 416184] [client 109.205.213.58:50720] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4MuUSrMBb5jmSOFZpL5GQAAAAA"]
[Sun Jan 12 03:52:01.863281 2025] [:error] [pid 416207] [client 109.205.213.58:50722] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z4MuUXTQenmWZbzeIZp7GgAAAAU"]
[Sun Jan 12 03:52:01.863923 2025] [:error] [pid 416207] [client 109.205.213.58:50722] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z4MuUXTQenmWZbzeIZp7GgAAAAU"]
[Sun Jan 12 03:52:01.864509 2025] [:error] [pid 416207] [client 109.205.213.58:50722] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z4MuUXTQenmWZbzeIZp7GgAAAAU"]
[Sun Jan 12 03:52:03.278597 2025] [:error] [pid 416187] [client 109.205.213.58:50758] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z4MuU_eUzzDyvBXMr_lI3gAAAAM"]
[Sun Jan 12 03:52:03.278982 2025] [:error] [pid 416187] [client 109.205.213.58:50758] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z4MuU_eUzzDyvBXMr_lI3gAAAAM"]
[Sun Jan 12 03:52:03.279224 2025] [:error] [pid 416187] [client 109.205.213.58:50758] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z4MuU_eUzzDyvBXMr_lI3gAAAAM"]
[Sun Jan 12 03:52:03.720267 2025] [:error] [pid 416188] [client 109.205.213.58:50760] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z4MuU9oFLczISO4zxoBv6AAAAAQ"]
[Sun Jan 12 03:52:03.720890 2025] [:error] [pid 416188] [client 109.205.213.58:50760] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z4MuU9oFLczISO4zxoBv6AAAAAQ"]
[Sun Jan 12 03:52:03.721363 2025] [:error] [pid 416188] [client 109.205.213.58:50760] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z4MuU9oFLczISO4zxoBv6AAAAAQ"]
[Sun Jan 12 03:52:04.048423 2025] [:error] [pid 416185] [client 109.205.213.58:50762] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z4MuVJuxCxtSO2ix-aIAOAAAAAE"]
[Sun Jan 12 03:52:04.049067 2025] [:error] [pid 416185] [client 109.205.213.58:50762] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z4MuVJuxCxtSO2ix-aIAOAAAAAE"]
[Sun Jan 12 03:52:04.049526 2025] [:error] [pid 416185] [client 109.205.213.58:50762] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z4MuVJuxCxtSO2ix-aIAOAAAAAE"]
[Sun Jan 12 03:52:04.378770 2025] [:error] [pid 416184] [client 109.205.213.58:50764] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z4MuVCrMBb5jmSOFZpL5GgAAAAA"]
[Sun Jan 12 03:52:04.379358 2025] [:error] [pid 416184] [client 109.205.213.58:50764] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z4MuVCrMBb5jmSOFZpL5GgAAAAA"]
[Sun Jan 12 03:52:04.379792 2025] [:error] [pid 416184] [client 109.205.213.58:50764] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z4MuVCrMBb5jmSOFZpL5GgAAAAA"]
[Sun Jan 12 03:52:04.815924 2025] [:error] [pid 416207] [client 109.205.213.58:50780] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z4MuVHTQenmWZbzeIZp7GwAAAAU"]
[Sun Jan 12 03:52:04.816535 2025] [:error] [pid 416207] [client 109.205.213.58:50780] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z4MuVHTQenmWZbzeIZp7GwAAAAU"]
[Sun Jan 12 03:52:04.816998 2025] [:error] [pid 416207] [client 109.205.213.58:50780] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z4MuVHTQenmWZbzeIZp7GwAAAAU"]
[Sun Jan 12 03:52:05.155409 2025] [:error] [pid 416186] [client 109.205.213.58:50786] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z4MuVSRxjhQv01_So6u3CwAAAAI"]
[Sun Jan 12 03:52:05.155983 2025] [:error] [pid 416186] [client 109.205.213.58:50786] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z4MuVSRxjhQv01_So6u3CwAAAAI"]
[Sun Jan 12 03:52:05.156485 2025] [:error] [pid 416186] [client 109.205.213.58:50786] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z4MuVSRxjhQv01_So6u3CwAAAAI"]
[Sun Jan 12 03:52:05.489042 2025] [:error] [pid 416210] [client 109.205.213.58:50792] [client 109.205.213.58] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z4MuVfPAiWHeVRqEb61gMwAAAAY"]
[Sun Jan 12 03:52:05.489729 2025] [:error] [pid 416210] [client 109.205.213.58:50792] [client 109.205.213.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z4MuVfPAiWHeVRqEb61gMwAAAAY"]
[Sun Jan 12 03:52:05.490290 2025] [:error] [pid 416210] [client 109.205.213.58:50792] [client 109.205.213.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z4MuVfPAiWHeVRqEb61gMwAAAAY"]
[Sun Jan 12 22:13:00.943504 2025] [:error] [pid 416185] [client 45.148.10.172:41110] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4QwXJuxCxtSO2ix-aIAoQAAAAE"]
[Sun Jan 12 22:13:00.949381 2025] [:error] [pid 416185] [client 45.148.10.172:41110] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4QwXJuxCxtSO2ix-aIAoQAAAAE"]
[Sun Jan 12 22:13:00.949664 2025] [:error] [pid 416185] [client 45.148.10.172:41110] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z4QwXJuxCxtSO2ix-aIAoQAAAAE"]
[Wed Jan 15 18:43:04.664049 2025] [:error] [pid 486747] [client 35.77.33.14:42496] [client 35.77.33.14] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4fzqDU0JVKWBLdbK-asOwAAAAA"]
[Wed Jan 15 18:43:04.665996 2025] [:error] [pid 486747] [client 35.77.33.14:42496] [client 35.77.33.14] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4fzqDU0JVKWBLdbK-asOwAAAAA"]
[Wed Jan 15 18:43:04.666649 2025] [:error] [pid 486747] [client 35.77.33.14:42496] [client 35.77.33.14] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4fzqDU0JVKWBLdbK-asOwAAAAA"]
[Wed Jan 15 20:40:02.646343 2025] [:error] [pid 489190] [client 103.102.230.8:58858] [client 103.102.230.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4gPEvGQNR7qDEtyIGfFowAAAAE"]
[Wed Jan 15 20:40:02.646902 2025] [:error] [pid 489190] [client 103.102.230.8:58858] [client 103.102.230.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4gPEvGQNR7qDEtyIGfFowAAAAE"]
[Wed Jan 15 20:40:02.647360 2025] [:error] [pid 489190] [client 103.102.230.8:58858] [client 103.102.230.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4gPEvGQNR7qDEtyIGfFowAAAAE"]
[Thu Jan 16 14:20:44.008841 2025] [:error] [pid 507252] [client 45.135.232.70:48050] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNpwAAAAc"]
[Thu Jan 16 14:20:44.010763 2025] [:error] [pid 507252] [client 45.135.232.70:48050] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNpwAAAAc"]
[Thu Jan 16 14:20:44.011305 2025] [:error] [pid 507252] [client 45.135.232.70:48050] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNpwAAAAc"]
[Thu Jan 16 14:20:44.012754 2025] [:error] [pid 510615] [client 45.135.232.70:48110] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/services/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/services/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0qwAAAAk"]
[Thu Jan 16 14:20:44.013336 2025] [:error] [pid 510615] [client 45.135.232.70:48110] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/services/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0qwAAAAk"]
[Thu Jan 16 14:20:44.013614 2025] [:error] [pid 510615] [client 45.135.232.70:48110] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/services/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0qwAAAAk"]
[Thu Jan 16 14:20:44.017852 2025] [:error] [pid 510637] [client 45.135.232.70:48020] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/email/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbQAAAA8"]
[Thu Jan 16 14:20:44.018627 2025] [:error] [pid 510631] [client 45.135.232.70:48282] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExUwAAAA4"]
[Thu Jan 16 14:20:44.018912 2025] [:error] [pid 510631] [client 45.135.232.70:48282] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExUwAAAA4"]
[Thu Jan 16 14:20:44.019170 2025] [:error] [pid 510631] [client 45.135.232.70:48282] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExUwAAAA4"]
[Thu Jan 16 14:20:44.020934 2025] [:error] [pid 510616] [client 45.135.232.70:48026] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MAAAAAo"]
[Thu Jan 16 14:20:44.021211 2025] [:error] [pid 510616] [client 45.135.232.70:48026] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MAAAAAo"]
[Thu Jan 16 14:20:44.021396 2025] [:error] [pid 510616] [client 45.135.232.70:48026] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MAAAAAo"]
[Thu Jan 16 14:20:44.023140 2025] [:error] [pid 500655] [client 45.135.232.70:48172] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzeQAAAAM"]
[Thu Jan 16 14:20:44.023365 2025] [:error] [pid 500655] [client 45.135.232.70:48172] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzeQAAAAM"]
[Thu Jan 16 14:20:44.023553 2025] [:error] [pid 500655] [client 45.135.232.70:48172] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzeQAAAAM"]
[Thu Jan 16 14:20:44.024055 2025] [:error] [pid 510629] [client 45.135.232.70:48216] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozAAAAAw"]
[Thu Jan 16 14:20:44.024230 2025] [:error] [pid 510629] [client 45.135.232.70:48216] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozAAAAAw"]
[Thu Jan 16 14:20:44.024375 2025] [:error] [pid 510629] [client 45.135.232.70:48216] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozAAAAAw"]
[Thu Jan 16 14:20:44.024776 2025] [:error] [pid 501744] [client 45.135.232.70:48156] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFAAAAAY"]
[Thu Jan 16 14:20:44.025035 2025] [:error] [pid 501744] [client 45.135.232.70:48156] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFAAAAAY"]
[Thu Jan 16 14:20:44.025074 2025] [:error] [pid 510617] [client 45.135.232.70:48022] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/services/smtp/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/smtp/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIgAAAAs"]
[Thu Jan 16 14:20:44.025243 2025] [:error] [pid 501744] [client 45.135.232.70:48156] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFAAAAAY"]
[Thu Jan 16 14:20:44.025259 2025] [:error] [pid 510617] [client 45.135.232.70:48022] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/smtp/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIgAAAAs"]
[Thu Jan 16 14:20:44.025416 2025] [:error] [pid 510617] [client 45.135.232.70:48022] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/smtp/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIgAAAAs"]
[Thu Jan 16 14:20:44.025945 2025] [:error] [pid 510637] [client 45.135.232.70:48020] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/email/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbQAAAA8"]
[Thu Jan 16 14:20:44.026153 2025] [:error] [pid 510637] [client 45.135.232.70:48020] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/email/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbQAAAA8"]
[Thu Jan 16 14:20:44.026523 2025] [:error] [pid 500653] [client 45.135.232.70:48072] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/services/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/services/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAgAAAAE"]
[Thu Jan 16 14:20:44.026675 2025] [:error] [pid 500653] [client 45.135.232.70:48072] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/services/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAgAAAAE"]
[Thu Jan 16 14:20:44.026831 2025] [:error] [pid 500653] [client 45.135.232.70:48072] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/services/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAgAAAAE"]
[Thu Jan 16 14:20:44.123975 2025] [:error] [pid 507252] [client 45.135.232.70:48248] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /scheduled/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/scheduled/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqAAAAAc"]
[Thu Jan 16 14:20:44.124587 2025] [:error] [pid 507252] [client 45.135.232.70:48248] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/scheduled/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqAAAAAc"]
[Thu Jan 16 14:20:44.125192 2025] [:error] [pid 507252] [client 45.135.232.70:48248] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/scheduled/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqAAAAAc"]
[Thu Jan 16 14:20:44.127250 2025] [:error] [pid 510615] [client 45.135.232.70:48196] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rAAAAAk"]
[Thu Jan 16 14:20:44.127852 2025] [:error] [pid 510615] [client 45.135.232.70:48196] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rAAAAAk"]
[Thu Jan 16 14:20:44.128207 2025] [:error] [pid 510631] [client 45.135.232.70:48366] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVAAAAA4"]
[Thu Jan 16 14:20:44.128249 2025] [:error] [pid 510615] [client 45.135.232.70:48196] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rAAAAAk"]
[Thu Jan 16 14:20:44.128803 2025] [:error] [pid 510631] [client 45.135.232.70:48366] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVAAAAA4"]
[Thu Jan 16 14:20:44.129281 2025] [:error] [pid 510631] [client 45.135.232.70:48366] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVAAAAA4"]
[Thu Jan 16 14:20:44.138440 2025] [:error] [pid 510629] [client 45.135.232.70:48278] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozQAAAAw"]
[Thu Jan 16 14:20:44.138870 2025] [:error] [pid 510629] [client 45.135.232.70:48278] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozQAAAAw"]
[Thu Jan 16 14:20:44.139148 2025] [:error] [pid 510629] [client 45.135.232.70:48278] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozQAAAAw"]
[Thu Jan 16 14:20:44.140219 2025] [:error] [pid 500655] [client 45.135.232.70:48374] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/email/mailjet/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/mailjet/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzegAAAAM"]
[Thu Jan 16 14:20:44.140244 2025] [:error] [pid 510616] [client 45.135.232.70:48250] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MQAAAAo"]
[Thu Jan 16 14:20:44.140594 2025] [:error] [pid 500655] [client 45.135.232.70:48374] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/mailjet/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzegAAAAM"]
[Thu Jan 16 14:20:44.140624 2025] [:error] [pid 510616] [client 45.135.232.70:48250] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MQAAAAo"]
[Thu Jan 16 14:20:44.140991 2025] [:error] [pid 500655] [client 45.135.232.70:48374] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/mailjet/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzegAAAAM"]
[Thu Jan 16 14:20:44.142616 2025] [:error] [pid 501744] [client 45.135.232.70:48292] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFQAAAAY"]
[Thu Jan 16 14:20:44.143019 2025] [:error] [pid 501744] [client 45.135.232.70:48292] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFQAAAAY"]
[Thu Jan 16 14:20:44.143320 2025] [:error] [pid 501744] [client 45.135.232.70:48292] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFQAAAAY"]
[Thu Jan 16 14:20:44.143687 2025] [:error] [pid 510637] [client 45.135.232.70:48288] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /includes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbgAAAA8"]
[Thu Jan 16 14:20:44.143950 2025] [:error] [pid 510637] [client 45.135.232.70:48288] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbgAAAA8"]
[Thu Jan 16 14:20:44.144207 2025] [:error] [pid 510637] [client 45.135.232.70:48288] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbgAAAA8"]
[Thu Jan 16 14:20:44.145044 2025] [:error] [pid 510616] [client 45.135.232.70:48250] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MQAAAAo"]
[Thu Jan 16 14:20:44.145814 2025] [:error] [pid 500653] [client 45.135.232.70:48222] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/email/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAwAAAAE"]
[Thu Jan 16 14:20:44.146045 2025] [:error] [pid 500653] [client 45.135.232.70:48222] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/email/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAwAAAAE"]
[Thu Jan 16 14:20:44.146217 2025] [:error] [pid 500653] [client 45.135.232.70:48222] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/email/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNAwAAAAE"]
[Thu Jan 16 14:20:44.146492 2025] [:error] [pid 510617] [client 45.135.232.70:48186] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIwAAAAs"]
[Thu Jan 16 14:20:44.146675 2025] [:error] [pid 510617] [client 45.135.232.70:48186] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIwAAAAs"]
[Thu Jan 16 14:20:44.146909 2025] [:error] [pid 510617] [client 45.135.232.70:48186] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiIwAAAAs"]
[Thu Jan 16 14:20:44.236430 2025] [:error] [pid 507252] [client 45.135.232.70:48456] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqQAAAAc"]
[Thu Jan 16 14:20:44.237026 2025] [:error] [pid 507252] [client 45.135.232.70:48456] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqQAAAAc"]
[Thu Jan 16 14:20:44.237647 2025] [:error] [pid 507252] [client 45.135.232.70:48456] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqQAAAAc"]
[Thu Jan 16 14:20:44.241633 2025] [:error] [pid 510615] [client 45.135.232.70:48510] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /developer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rQAAAAk"]
[Thu Jan 16 14:20:44.242215 2025] [:error] [pid 510615] [client 45.135.232.70:48510] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rQAAAAk"]
[Thu Jan 16 14:20:44.242683 2025] [:error] [pid 510615] [client 45.135.232.70:48510] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rQAAAAk"]
[Thu Jan 16 14:20:44.247912 2025] [:error] [pid 500655] [client 45.135.232.70:48638] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /flock/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzewAAAAM"]
[Thu Jan 16 14:20:44.248335 2025] [:error] [pid 500655] [client 45.135.232.70:48638] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzewAAAAM"]
[Thu Jan 16 14:20:44.248594 2025] [:error] [pid 500655] [client 45.135.232.70:48638] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flock/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzewAAAAM"]
[Thu Jan 16 14:20:44.251306 2025] [:error] [pid 510631] [client 45.135.232.70:48034] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVQAAAA4"]
[Thu Jan 16 14:20:44.251649 2025] [:error] [pid 510631] [client 45.135.232.70:48034] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVQAAAA4"]
[Thu Jan 16 14:20:44.251888 2025] [:error] [pid 510631] [client 45.135.232.70:48034] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVQAAAA4"]
[Thu Jan 16 14:20:44.257389 2025] [:error] [pid 510637] [client 45.135.232.70:48516] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/services/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/services/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbwAAAA8"]
[Thu Jan 16 14:20:44.257601 2025] [:error] [pid 510637] [client 45.135.232.70:48516] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/services/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbwAAAA8"]
[Thu Jan 16 14:20:44.257753 2025] [:error] [pid 510637] [client 45.135.232.70:48516] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/services/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VbwAAAA8"]
[Thu Jan 16 14:20:44.258462 2025] [:error] [pid 501744] [client 45.135.232.70:48466] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFgAAAAY"]
[Thu Jan 16 14:20:44.258964 2025] [:error] [pid 501744] [client 45.135.232.70:48466] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFgAAAAY"]
[Thu Jan 16 14:20:44.259164 2025] [:error] [pid 510616] [client 45.135.232.70:48350] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /demo/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MgAAAAo"]
[Thu Jan 16 14:20:44.259350 2025] [:error] [pid 501744] [client 45.135.232.70:48466] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFgAAAAY"]
[Thu Jan 16 14:20:44.259392 2025] [:error] [pid 510616] [client 45.135.232.70:48350] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MgAAAAo"]
[Thu Jan 16 14:20:44.259593 2025] [:error] [pid 510616] [client 45.135.232.70:48350] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MgAAAAo"]
[Thu Jan 16 14:20:44.263185 2025] [:error] [pid 510629] [client 45.135.232.70:48058] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/notifications/push/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/notifications/push/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozgAAAAw"]
[Thu Jan 16 14:20:44.263381 2025] [:error] [pid 510629] [client 45.135.232.70:48058] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/notifications/push/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozgAAAAw"]
[Thu Jan 16 14:20:44.263541 2025] [:error] [pid 510629] [client 45.135.232.70:48058] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/notifications/push/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozgAAAAw"]
[Thu Jan 16 14:20:44.264934 2025] [:error] [pid 500653] [client 45.135.232.70:48676] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/services/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/mail/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBAAAAAE"]
[Thu Jan 16 14:20:44.264970 2025] [:error] [pid 510617] [client 45.135.232.70:48498] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJAAAAAs"]
[Thu Jan 16 14:20:44.265206 2025] [:error] [pid 510617] [client 45.135.232.70:48498] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJAAAAAs"]
[Thu Jan 16 14:20:44.265353 2025] [:error] [pid 510617] [client 45.135.232.70:48498] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJAAAAAs"]
[Thu Jan 16 14:20:44.265483 2025] [:error] [pid 500653] [client 45.135.232.70:48676] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/mail/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBAAAAAE"]
[Thu Jan 16 14:20:44.265862 2025] [:error] [pid 500653] [client 45.135.232.70:48676] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/mail/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBAAAAAE"]
[Thu Jan 16 14:20:44.349422 2025] [:error] [pid 510615] [client 45.135.232.70:48744] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /queue/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/queue/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rgAAAAk"]
[Thu Jan 16 14:20:44.349802 2025] [:error] [pid 510615] [client 45.135.232.70:48744] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/queue/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rgAAAAk"]
[Thu Jan 16 14:20:44.350119 2025] [:error] [pid 510615] [client 45.135.232.70:48744] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/queue/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rgAAAAk"]
[Thu Jan 16 14:20:44.352857 2025] [:error] [pid 507252] [client 45.135.232.70:48394] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqgAAAAc"]
[Thu Jan 16 14:20:44.353475 2025] [:error] [pid 507252] [client 45.135.232.70:48394] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqgAAAAc"]
[Thu Jan 16 14:20:44.353920 2025] [:error] [pid 507252] [client 45.135.232.70:48394] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqgAAAAc"]
[Thu Jan 16 14:20:44.355925 2025] [:error] [pid 500655] [client 45.135.232.70:48752] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfAAAAAM"]
[Thu Jan 16 14:20:44.356267 2025] [:error] [pid 500655] [client 45.135.232.70:48752] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfAAAAAM"]
[Thu Jan 16 14:20:44.356468 2025] [:error] [pid 500655] [client 45.135.232.70:48752] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfAAAAAM"]
[Thu Jan 16 14:20:44.372582 2025] [:error] [pid 510637] [client 45.135.232.70:48434] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcAAAAA8"]
[Thu Jan 16 14:20:44.372930 2025] [:error] [pid 510637] [client 45.135.232.70:48434] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcAAAAA8"]
[Thu Jan 16 14:20:44.373146 2025] [:error] [pid 510637] [client 45.135.232.70:48434] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcAAAAA8"]
[Thu Jan 16 14:20:44.377317 2025] [:error] [pid 510616] [client 45.135.232.70:48720] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/smtp/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/smtp/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MwAAAAo"]
[Thu Jan 16 14:20:44.377662 2025] [:error] [pid 510616] [client 45.135.232.70:48720] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/smtp/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MwAAAAo"]
[Thu Jan 16 14:20:44.377863 2025] [:error] [pid 510616] [client 45.135.232.70:48720] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/smtp/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95MwAAAAo"]
[Thu Jan 16 14:20:44.379595 2025] [:error] [pid 510631] [client 45.135.232.70:48570] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVgAAAA4"]
[Thu Jan 16 14:20:44.379903 2025] [:error] [pid 510631] [client 45.135.232.70:48570] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVgAAAA4"]
[Thu Jan 16 14:20:44.380102 2025] [:error] [pid 510631] [client 45.135.232.70:48570] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVgAAAA4"]
[Thu Jan 16 14:20:44.380907 2025] [:error] [pid 510617] [client 45.135.232.70:48740] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /mailer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJQAAAAs"]
[Thu Jan 16 14:20:44.382327 2025] [:error] [pid 510617] [client 45.135.232.70:48740] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJQAAAAs"]
[Thu Jan 16 14:20:44.382629 2025] [:error] [pid 510617] [client 45.135.232.70:48740] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJQAAAAs"]
[Thu Jan 16 14:20:44.384021 2025] [:error] [pid 501744] [client 45.135.232.70:48118] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/aws-ses/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/aws-ses/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFwAAAAY"]
[Thu Jan 16 14:20:44.384547 2025] [:error] [pid 501744] [client 45.135.232.70:48118] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/aws-ses/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFwAAAAY"]
[Thu Jan 16 14:20:44.384947 2025] [:error] [pid 501744] [client 45.135.232.70:48118] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/aws-ses/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlFwAAAAY"]
[Thu Jan 16 14:20:44.389292 2025] [:error] [pid 510629] [client 45.135.232.70:48660] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/modules/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozwAAAAw"]
[Thu Jan 16 14:20:44.389620 2025] [:error] [pid 510629] [client 45.135.232.70:48660] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/modules/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozwAAAAw"]
[Thu Jan 16 14:20:44.389876 2025] [:error] [pid 510629] [client 45.135.232.70:48660] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/modules/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHozwAAAAw"]
[Thu Jan 16 14:20:44.392244 2025] [:error] [pid 500653] [client 45.135.232.70:48098] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cron/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBQAAAAE"]
[Thu Jan 16 14:20:44.392550 2025] [:error] [pid 500653] [client 45.135.232.70:48098] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBQAAAAE"]
[Thu Jan 16 14:20:44.392849 2025] [:error] [pid 500653] [client 45.135.232.70:48098] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBQAAAAE"]
[Thu Jan 16 14:20:44.463437 2025] [:error] [pid 510615] [client 45.135.232.70:48722] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repos/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rwAAAAk"]
[Thu Jan 16 14:20:44.463977 2025] [:error] [pid 510615] [client 45.135.232.70:48722] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rwAAAAk"]
[Thu Jan 16 14:20:44.464469 2025] [:error] [pid 510615] [client 45.135.232.70:48722] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0rwAAAAk"]
[Thu Jan 16 14:20:44.481215 2025] [:error] [pid 500655] [client 45.135.232.70:48102] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/smtp/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/smtp/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfQAAAAM"]
[Thu Jan 16 14:20:44.481795 2025] [:error] [pid 500655] [client 45.135.232.70:48102] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/smtp/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfQAAAAM"]
[Thu Jan 16 14:20:44.482437 2025] [:error] [pid 500655] [client 45.135.232.70:48102] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/smtp/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfQAAAAM"]
[Thu Jan 16 14:20:44.491120 2025] [:error] [pid 507252] [client 45.135.232.70:48084] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/notification/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/notification/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqwAAAAc"]
[Thu Jan 16 14:20:44.491681 2025] [:error] [pid 507252] [client 45.135.232.70:48084] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/notification/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqwAAAAc"]
[Thu Jan 16 14:20:44.492225 2025] [:error] [pid 507252] [client 45.135.232.70:48084] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/notification/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNqwAAAAc"]
[Thu Jan 16 14:20:44.495249 2025] [:error] [pid 510616] [client 45.135.232.70:48658] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NAAAAAo"]
[Thu Jan 16 14:20:44.495664 2025] [:error] [pid 510616] [client 45.135.232.70:48658] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NAAAAAo"]
[Thu Jan 16 14:20:44.495988 2025] [:error] [pid 510616] [client 45.135.232.70:48658] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NAAAAAo"]
[Thu Jan 16 14:20:44.500313 2025] [:error] [pid 510617] [client 45.135.232.70:48536] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /private/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJgAAAAs"]
[Thu Jan 16 14:20:44.500719 2025] [:error] [pid 510617] [client 45.135.232.70:48536] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJgAAAAs"]
[Thu Jan 16 14:20:44.501011 2025] [:error] [pid 510617] [client 45.135.232.70:48536] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/mail/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJgAAAAs"]
[Thu Jan 16 14:20:44.503893 2025] [:error] [pid 510631] [client 45.135.232.70:48206] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVwAAAA4"]
[Thu Jan 16 14:20:44.504231 2025] [:error] [pid 510631] [client 45.135.232.70:48206] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVwAAAA4"]
[Thu Jan 16 14:20:44.504578 2025] [:error] [pid 510631] [client 45.135.232.70:48206] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExVwAAAA4"]
[Thu Jan 16 14:20:44.506462 2025] [:error] [pid 510637] [client 45.135.232.70:48122] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /aomanalyzer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcQAAAA8"]
[Thu Jan 16 14:20:44.506769 2025] [:error] [pid 510637] [client 45.135.232.70:48122] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcQAAAA8"]
[Thu Jan 16 14:20:44.507032 2025] [:error] [pid 510637] [client 45.135.232.70:48122] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aomanalyzer/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcQAAAA8"]
[Thu Jan 16 14:20:44.514329 2025] [:error] [pid 501744] [client 45.135.232.70:48594] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /communications/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/communications/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGAAAAAY"]
[Thu Jan 16 14:20:44.514731 2025] [:error] [pid 510629] [client 45.135.232.70:48130] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dist/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0AAAAAw"]
[Thu Jan 16 14:20:44.514866 2025] [:error] [pid 501744] [client 45.135.232.70:48594] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/communications/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGAAAAAY"]
[Thu Jan 16 14:20:44.514936 2025] [:error] [pid 510629] [client 45.135.232.70:48130] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0AAAAAw"]
[Thu Jan 16 14:20:44.515079 2025] [:error] [pid 510629] [client 45.135.232.70:48130] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0AAAAAw"]
[Thu Jan 16 14:20:44.515351 2025] [:error] [pid 501744] [client 45.135.232.70:48594] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/communications/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGAAAAAY"]
[Thu Jan 16 14:20:44.529372 2025] [:error] [pid 500653] [client 45.135.232.70:48192] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /s3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBgAAAAE"]
[Thu Jan 16 14:20:44.529716 2025] [:error] [pid 500653] [client 45.135.232.70:48192] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBgAAAAE"]
[Thu Jan 16 14:20:44.529995 2025] [:error] [pid 500653] [client 45.135.232.70:48192] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBgAAAAE"]
[Thu Jan 16 14:20:44.589229 2025] [:error] [pid 510615] [client 45.135.232.70:48264] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sAAAAAk"]
[Thu Jan 16 14:20:44.589812 2025] [:error] [pid 510615] [client 45.135.232.70:48264] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sAAAAAk"]
[Thu Jan 16 14:20:44.590206 2025] [:error] [pid 510615] [client 45.135.232.70:48264] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sAAAAAk"]
[Thu Jan 16 14:20:44.619704 2025] [:error] [pid 500655] [client 45.135.232.70:48694] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /data/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfgAAAAM"]
[Thu Jan 16 14:20:44.620178 2025] [:error] [pid 510616] [client 45.135.232.70:48652] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NQAAAAo"]
[Thu Jan 16 14:20:44.620571 2025] [:error] [pid 510616] [client 45.135.232.70:48652] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NQAAAAo"]
[Thu Jan 16 14:20:44.620871 2025] [:error] [pid 510616] [client 45.135.232.70:48652] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NQAAAAo"]
[Thu Jan 16 14:20:44.621563 2025] [:error] [pid 507252] [client 45.135.232.70:48818] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /connectors/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/connectors/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrAAAAAc"]
[Thu Jan 16 14:20:44.622004 2025] [:error] [pid 500655] [client 45.135.232.70:48694] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfgAAAAM"]
[Thu Jan 16 14:20:44.622137 2025] [:error] [pid 507252] [client 45.135.232.70:48818] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/connectors/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrAAAAAc"]
[Thu Jan 16 14:20:44.622358 2025] [:error] [pid 500655] [client 45.135.232.70:48694] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfgAAAAM"]
[Thu Jan 16 14:20:44.622594 2025] [:error] [pid 507252] [client 45.135.232.70:48818] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/connectors/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrAAAAAc"]
[Thu Jan 16 14:20:44.632700 2025] [:error] [pid 510617] [client 45.135.232.70:48142] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJwAAAAs"]
[Thu Jan 16 14:20:44.633139 2025] [:error] [pid 510617] [client 45.135.232.70:48142] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJwAAAAs"]
[Thu Jan 16 14:20:44.633413 2025] [:error] [pid 510617] [client 45.135.232.70:48142] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiJwAAAAs"]
[Thu Jan 16 14:20:44.633721 2025] [:error] [pid 501744] [client 45.135.232.70:48788] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGQAAAAY"]
[Thu Jan 16 14:20:44.634284 2025] [:error] [pid 501744] [client 45.135.232.70:48788] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGQAAAAY"]
[Thu Jan 16 14:20:44.634643 2025] [:error] [pid 501744] [client 45.135.232.70:48788] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v4/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGQAAAAY"]
[Thu Jan 16 14:20:44.639804 2025] [:error] [pid 510631] [client 45.135.232.70:48236] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/mailer-config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailer-config/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWAAAAA4"]
[Thu Jan 16 14:20:44.640168 2025] [:error] [pid 510631] [client 45.135.232.70:48236] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailer-config/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWAAAAA4"]
[Thu Jan 16 14:20:44.640414 2025] [:error] [pid 510631] [client 45.135.232.70:48236] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailer-config/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWAAAAA4"]
[Thu Jan 16 14:20:44.642264 2025] [:error] [pid 510629] [client 45.135.232.70:48812] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /common/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/common/mail/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0QAAAAw"]
[Thu Jan 16 14:20:44.642519 2025] [:error] [pid 510629] [client 45.135.232.70:48812] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/common/mail/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0QAAAAw"]
[Thu Jan 16 14:20:44.642709 2025] [:error] [pid 510629] [client 45.135.232.70:48812] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/common/mail/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0QAAAAw"]
[Thu Jan 16 14:20:44.645847 2025] [:error] [pid 510637] [client 45.135.232.70:48238] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /m/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcgAAAA8"]
[Thu Jan 16 14:20:44.646099 2025] [:error] [pid 510637] [client 45.135.232.70:48238] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcgAAAA8"]
[Thu Jan 16 14:20:44.646304 2025] [:error] [pid 510637] [client 45.135.232.70:48238] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/m/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcgAAAA8"]
[Thu Jan 16 14:20:44.666755 2025] [:error] [pid 500653] [client 45.135.232.70:48308] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /notifications/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/notifications/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBwAAAAE"]
[Thu Jan 16 14:20:44.667071 2025] [:error] [pid 500653] [client 45.135.232.70:48308] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/notifications/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBwAAAAE"]
[Thu Jan 16 14:20:44.667282 2025] [:error] [pid 500653] [client 45.135.232.70:48308] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/notifications/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNBwAAAAE"]
[Thu Jan 16 14:20:44.724128 2025] [:error] [pid 510615] [client 45.135.232.70:48368] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sQAAAAk"]
[Thu Jan 16 14:20:44.724720 2025] [:error] [pid 510615] [client 45.135.232.70:48368] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sQAAAAk"]
[Thu Jan 16 14:20:44.725148 2025] [:error] [pid 510615] [client 45.135.232.70:48368] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/mail/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sQAAAAk"]
[Thu Jan 16 14:20:44.749048 2025] [:error] [pid 510616] [client 45.135.232.70:48416] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/services/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/mail/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NgAAAAo"]
[Thu Jan 16 14:20:44.749757 2025] [:error] [pid 510616] [client 45.135.232.70:48416] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/mail/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NgAAAAo"]
[Thu Jan 16 14:20:44.750191 2025] [:error] [pid 510616] [client 45.135.232.70:48416] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/services/mail/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NgAAAAo"]
[Thu Jan 16 14:20:44.750857 2025] [:error] [pid 507252] [client 45.135.232.70:48320] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrQAAAAc"]
[Thu Jan 16 14:20:44.751561 2025] [:error] [pid 507252] [client 45.135.232.70:48320] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrQAAAAc"]
[Thu Jan 16 14:20:44.752040 2025] [:error] [pid 507252] [client 45.135.232.70:48320] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v2/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrQAAAAc"]
[Thu Jan 16 14:20:44.752952 2025] [:error] [pid 500655] [client 45.135.232.70:48380] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfwAAAAM"]
[Thu Jan 16 14:20:44.753442 2025] [:error] [pid 500655] [client 45.135.232.70:48380] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfwAAAAM"]
[Thu Jan 16 14:20:44.753742 2025] [:error] [pid 500655] [client 45.135.232.70:48380] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzfwAAAAM"]
[Thu Jan 16 14:20:44.764491 2025] [:error] [pid 501744] [client 45.135.232.70:48298] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGgAAAAY"]
[Thu Jan 16 14:20:44.765106 2025] [:error] [pid 501744] [client 45.135.232.70:48298] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGgAAAAY"]
[Thu Jan 16 14:20:44.765513 2025] [:error] [pid 501744] [client 45.135.232.70:48298] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v3/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGgAAAAY"]
[Thu Jan 16 14:20:44.769232 2025] [:error] [pid 510631] [client 45.135.232.70:48834] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWQAAAA4"]
[Thu Jan 16 14:20:44.772132 2025] [:error] [pid 510617] [client 45.135.232.70:48444] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /qa/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKAAAAAs"]
[Thu Jan 16 14:20:44.772496 2025] [:error] [pid 510617] [client 45.135.232.70:48444] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKAAAAAs"]
[Thu Jan 16 14:20:44.772736 2025] [:error] [pid 510617] [client 45.135.232.70:48444] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKAAAAAs"]
[Thu Jan 16 14:20:44.769660 2025] [:error] [pid 510631] [client 45.135.232.70:48834] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWQAAAA4"]
[Thu Jan 16 14:20:44.774110 2025] [:error] [pid 510631] [client 45.135.232.70:48834] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/mail/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWQAAAA4"]
[Thu Jan 16 14:20:44.774893 2025] [:error] [pid 510629] [client 45.135.232.70:48334] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /new/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0gAAAAw"]
[Thu Jan 16 14:20:44.775201 2025] [:error] [pid 510629] [client 45.135.232.70:48334] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0gAAAAw"]
[Thu Jan 16 14:20:44.775446 2025] [:error] [pid 510629] [client 45.135.232.70:48334] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0gAAAAw"]
[Thu Jan 16 14:20:44.782542 2025] [:error] [pid 510637] [client 45.135.232.70:48586] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/modules/api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/modules/api/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcwAAAA8"]
[Thu Jan 16 14:20:44.782751 2025] [:error] [pid 510637] [client 45.135.232.70:48586] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/modules/api/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcwAAAA8"]
[Thu Jan 16 14:20:44.782927 2025] [:error] [pid 510637] [client 45.135.232.70:48586] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/modules/api/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VcwAAAA8"]
[Thu Jan 16 14:20:44.807608 2025] [:error] [pid 500653] [client 45.135.232.70:48408] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /__macosx/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCAAAAAE"]
[Thu Jan 16 14:20:44.807923 2025] [:error] [pid 500653] [client 45.135.232.70:48408] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCAAAAAE"]
[Thu Jan 16 14:20:44.808149 2025] [:error] [pid 500653] [client 45.135.232.70:48408] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__MACOSX/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCAAAAAE"]
[Thu Jan 16 14:20:44.859392 2025] [:error] [pid 510615] [client 45.135.232.70:48608] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sgAAAAk"]
[Thu Jan 16 14:20:44.859927 2025] [:error] [pid 510615] [client 45.135.232.70:48608] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sgAAAAk"]
[Thu Jan 16 14:20:44.860350 2025] [:error] [pid 510615] [client 45.135.232.70:48608] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0sgAAAAk"]
[Thu Jan 16 14:20:44.891061 2025] [:error] [pid 500655] [client 45.135.232.70:48556] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/user/api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/user/api/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzgAAAAAM"]
[Thu Jan 16 14:20:44.891189 2025] [:error] [pid 510616] [client 45.135.232.70:48424] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/cloud/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/cloud/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NwAAAAo"]
[Thu Jan 16 14:20:44.891442 2025] [:error] [pid 500655] [client 45.135.232.70:48556] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/user/api/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzgAAAAAM"]
[Thu Jan 16 14:20:44.891719 2025] [:error] [pid 500655] [client 45.135.232.70:48556] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/user/api/.git/config"] [unique_id "Z4kHrAgnMRquV0bdEPwzgAAAAAM"]
[Thu Jan 16 14:20:44.891813 2025] [:error] [pid 510616] [client 45.135.232.70:48424] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/cloud/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NwAAAAo"]
[Thu Jan 16 14:20:44.892309 2025] [:error] [pid 510616] [client 45.135.232.70:48424] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/cloud/.git/config"] [unique_id "Z4kHrE2UnlP04CIbRA95NwAAAAo"]
[Thu Jan 16 14:20:44.893625 2025] [:error] [pid 507252] [client 45.135.232.70:48734] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrgAAAAc"]
[Thu Jan 16 14:20:44.893921 2025] [:error] [pid 507252] [client 45.135.232.70:48734] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrgAAAAc"]
[Thu Jan 16 14:20:44.894209 2025] [:error] [pid 507252] [client 45.135.232.70:48734] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.git/config"] [unique_id "Z4kHrM9-aCDtrS8J08kNrgAAAAc"]
[Thu Jan 16 14:20:44.902326 2025] [:error] [pid 510631] [client 45.135.232.70:48538] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWgAAAA4"]
[Thu Jan 16 14:20:44.904757 2025] [:error] [pid 501744] [client 45.135.232.70:48580] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /a/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGwAAAAY"]
[Thu Jan 16 14:20:44.905169 2025] [:error] [pid 501744] [client 45.135.232.70:48580] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGwAAAAY"]
[Thu Jan 16 14:20:44.905448 2025] [:error] [pid 501744] [client 45.135.232.70:48580] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/a/.git/config"] [unique_id "Z4kHrJu1_bwn-OVhpZOlGwAAAAY"]
[Thu Jan 16 14:20:44.906273 2025] [:error] [pid 510631] [client 45.135.232.70:48538] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWgAAAA4"]
[Thu Jan 16 14:20:44.906534 2025] [:error] [pid 510631] [client 45.135.232.70:48538] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrKll1LqbFli-TYExWgAAAA4"]
[Thu Jan 16 14:20:44.908234 2025] [:error] [pid 510617] [client 45.135.232.70:48716] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKQAAAAs"]
[Thu Jan 16 14:20:44.908720 2025] [:error] [pid 510617] [client 45.135.232.70:48716] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKQAAAAs"]
[Thu Jan 16 14:20:44.909040 2025] [:error] [pid 510617] [client 45.135.232.70:48716] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrB0GqQT5iX5c5mKiKQAAAAs"]
[Thu Jan 16 14:20:44.916234 2025] [:error] [pid 510629] [client 45.135.232.70:48530] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/notifications/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/notifications/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0wAAAAw"]
[Thu Jan 16 14:20:44.916527 2025] [:error] [pid 510629] [client 45.135.232.70:48530] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/notifications/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0wAAAAw"]
[Thu Jan 16 14:20:44.916743 2025] [:error] [pid 510629] [client 45.135.232.70:48530] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/notifications/.git/config"] [unique_id "Z4kHrEybss1A0El7xRHo0wAAAAw"]
[Thu Jan 16 14:20:44.918782 2025] [:error] [pid 510637] [client 45.135.232.70:48678] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VdAAAAA8"]
[Thu Jan 16 14:20:44.919062 2025] [:error] [pid 510637] [client 45.135.232.70:48678] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VdAAAAA8"]
[Thu Jan 16 14:20:44.919269 2025] [:error] [pid 510637] [client 45.135.232.70:48678] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrC99y7sHzDyIeh2VdAAAAA8"]
[Thu Jan 16 14:20:44.950029 2025] [:error] [pid 500653] [client 45.135.232.70:48458] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/services/workers/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/workers/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCQAAAAE"]
[Thu Jan 16 14:20:44.950587 2025] [:error] [pid 500653] [client 45.135.232.70:48458] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/workers/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCQAAAAE"]
[Thu Jan 16 14:20:44.950993 2025] [:error] [pid 500653] [client 45.135.232.70:48458] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/workers/.git/config"] [unique_id "Z4kHrJWbe3YhcT1jDQtNCQAAAAE"]
[Thu Jan 16 14:20:44.952276 2025] [:error] [pid 511460] [client 45.135.232.70:48700] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/email/sendgrid/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/sendgrid/.git/config"] [unique_id "Z4kHrGMvBnNNNT6Ukk60dwAAAAA"]
[Thu Jan 16 14:20:44.952762 2025] [:error] [pid 511460] [client 45.135.232.70:48700] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/sendgrid/.git/config"] [unique_id "Z4kHrGMvBnNNNT6Ukk60dwAAAAA"]
[Thu Jan 16 14:20:44.953048 2025] [:error] [pid 511460] [client 45.135.232.70:48700] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/sendgrid/.git/config"] [unique_id "Z4kHrGMvBnNNNT6Ukk60dwAAAAA"]
[Thu Jan 16 14:20:44.998859 2025] [:error] [pid 510615] [client 45.135.232.70:48476] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0swAAAAk"]
[Thu Jan 16 14:20:44.999534 2025] [:error] [pid 510615] [client 45.135.232.70:48476] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0swAAAAk"]
[Thu Jan 16 14:20:44.999990 2025] [:error] [pid 510615] [client 45.135.232.70:48476] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrMMsllM7RW6P3X-0swAAAAk"]
[Thu Jan 16 14:20:45.033746 2025] [:error] [pid 500655] [client 45.135.232.70:48486] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/aws/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/aws/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgQAAAAM"]
[Thu Jan 16 14:20:45.035948 2025] [:error] [pid 510616] [client 45.135.232.70:48642] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/email/aws/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/aws/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OAAAAAo"]
[Thu Jan 16 14:20:45.036529 2025] [:error] [pid 510616] [client 45.135.232.70:48642] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/aws/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OAAAAAo"]
[Thu Jan 16 14:20:45.036959 2025] [:error] [pid 510616] [client 45.135.232.70:48642] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/aws/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OAAAAAo"]
[Thu Jan 16 14:20:45.037082 2025] [:error] [pid 507252] [client 45.135.232.70:48622] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /gateway/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNrwAAAAc"]
[Thu Jan 16 14:20:45.037830 2025] [:error] [pid 500655] [client 45.135.232.70:48486] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/aws/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgQAAAAM"]
[Thu Jan 16 14:20:45.038167 2025] [:error] [pid 507252] [client 45.135.232.70:48622] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNrwAAAAc"]
[Thu Jan 16 14:20:45.038328 2025] [:error] [pid 500655] [client 45.135.232.70:48486] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/aws/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgQAAAAM"]
[Thu Jan 16 14:20:45.038656 2025] [:error] [pid 507252] [client 45.135.232.70:48622] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gateway/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNrwAAAAc"]
[Thu Jan 16 14:20:45.041898 2025] [:error] [pid 501744] [client 45.135.232.70:48780] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/services/notifications/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/notifications/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHAAAAAY"]
[Thu Jan 16 14:20:45.042458 2025] [:error] [pid 501744] [client 45.135.232.70:48780] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/notifications/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHAAAAAY"]
[Thu Jan 16 14:20:45.042857 2025] [:error] [pid 501744] [client 45.135.232.70:48780] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/services/notifications/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHAAAAAY"]
[Thu Jan 16 14:20:45.045554 2025] [:error] [pid 510631] [client 45.135.232.70:48768] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExWwAAAA4"]
[Thu Jan 16 14:20:45.045770 2025] [:error] [pid 510631] [client 45.135.232.70:48768] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExWwAAAA4"]
[Thu Jan 16 14:20:45.045827 2025] [:error] [pid 510637] [client 45.135.232.70:48854] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdQAAAA8"]
[Thu Jan 16 14:20:45.045928 2025] [:error] [pid 510631] [client 45.135.232.70:48768] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v1/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExWwAAAA4"]
[Thu Jan 16 14:20:45.046131 2025] [:error] [pid 510637] [client 45.135.232.70:48854] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdQAAAA8"]
[Thu Jan 16 14:20:45.047212 2025] [:error] [pid 510637] [client 45.135.232.70:48854] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdQAAAA8"]
[Thu Jan 16 14:20:45.047883 2025] [:error] [pid 510617] [client 45.135.232.70:48800] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /build/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKgAAAAs"]
[Thu Jan 16 14:20:45.048152 2025] [:error] [pid 510617] [client 45.135.232.70:48800] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKgAAAAs"]
[Thu Jan 16 14:20:45.048381 2025] [:error] [pid 510617] [client 45.135.232.70:48800] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKgAAAAs"]
[Thu Jan 16 14:20:45.055344 2025] [:error] [pid 510629] [client 45.135.232.70:48844] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shop/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1AAAAAw"]
[Thu Jan 16 14:20:45.055584 2025] [:error] [pid 510629] [client 45.135.232.70:48844] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1AAAAAw"]
[Thu Jan 16 14:20:45.055759 2025] [:error] [pid 510629] [client 45.135.232.70:48844] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1AAAAAw"]
[Thu Jan 16 14:20:45.084412 2025] [:error] [pid 500653] [client 45.135.232.70:48866] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCgAAAAE"]
[Thu Jan 16 14:20:45.084879 2025] [:error] [pid 500653] [client 45.135.232.70:48866] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCgAAAAE"]
[Thu Jan 16 14:20:45.085233 2025] [:error] [pid 500653] [client 45.135.232.70:48866] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCgAAAAE"]
[Thu Jan 16 14:20:45.094146 2025] [:error] [pid 511460] [client 45.135.232.70:48876] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /amphtml/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eAAAAAA"]
[Thu Jan 16 14:20:45.094699 2025] [:error] [pid 511460] [client 45.135.232.70:48876] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eAAAAAA"]
[Thu Jan 16 14:20:45.095066 2025] [:error] [pid 511460] [client 45.135.232.70:48876] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/amphtml/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eAAAAAA"]
[Thu Jan 16 14:20:45.126523 2025] [:error] [pid 510615] [client 45.135.232.70:48936] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /git/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tAAAAAk"]
[Thu Jan 16 14:20:45.127111 2025] [:error] [pid 510615] [client 45.135.232.70:48936] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tAAAAAk"]
[Thu Jan 16 14:20:45.127599 2025] [:error] [pid 510615] [client 45.135.232.70:48936] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/git/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tAAAAAk"]
[Thu Jan 16 14:20:45.193190 2025] [:error] [pid 500655] [client 45.135.232.70:48928] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzggAAAAM"]
[Thu Jan 16 14:20:45.193626 2025] [:error] [pid 510631] [client 45.135.232.70:49074] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXAAAAA4"]
[Thu Jan 16 14:20:45.196108 2025] [:error] [pid 510629] [client 45.135.232.70:48988] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1QAAAAw"]
[Thu Jan 16 14:20:45.196136 2025] [:error] [pid 510617] [client 45.135.232.70:48974] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/billing/api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/billing/api/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKwAAAAs"]
[Thu Jan 16 14:20:45.196653 2025] [:error] [pid 510629] [client 45.135.232.70:48988] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1QAAAAw"]
[Thu Jan 16 14:20:45.196691 2025] [:error] [pid 510617] [client 45.135.232.70:48974] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/billing/api/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKwAAAAs"]
[Thu Jan 16 14:20:45.197012 2025] [:error] [pid 510617] [client 45.135.232.70:48974] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/billing/api/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiKwAAAAs"]
[Thu Jan 16 14:20:45.198083 2025] [:error] [pid 510637] [client 45.135.232.70:49036] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdgAAAA8"]
[Thu Jan 16 14:20:45.198385 2025] [:error] [pid 510637] [client 45.135.232.70:49036] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdgAAAA8"]
[Thu Jan 16 14:20:45.198639 2025] [:error] [pid 510637] [client 45.135.232.70:49036] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v3/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdgAAAA8"]
[Thu Jan 16 14:20:45.199632 2025] [:error] [pid 507252] [client 45.135.232.70:48892] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsAAAAAc"]
[Thu Jan 16 14:20:45.199960 2025] [:error] [pid 507252] [client 45.135.232.70:48892] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsAAAAAc"]
[Thu Jan 16 14:20:45.200266 2025] [:error] [pid 507252] [client 45.135.232.70:48892] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsAAAAAc"]
[Thu Jan 16 14:20:45.200731 2025] [:error] [pid 501744] [client 45.135.232.70:49062] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /node_modules/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHQAAAAY"]
[Thu Jan 16 14:20:45.201066 2025] [:error] [pid 501744] [client 45.135.232.70:49062] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHQAAAAY"]
[Thu Jan 16 14:20:45.201192 2025] [:error] [pid 500655] [client 45.135.232.70:48928] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzggAAAAM"]
[Thu Jan 16 14:20:45.201315 2025] [:error] [pid 501744] [client 45.135.232.70:49062] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHQAAAAY"]
[Thu Jan 16 14:20:45.201458 2025] [:error] [pid 500655] [client 45.135.232.70:48928] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/email/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzggAAAAM"]
[Thu Jan 16 14:20:45.202275 2025] [:error] [pid 510631] [client 45.135.232.70:49074] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXAAAAA4"]
[Thu Jan 16 14:20:45.202521 2025] [:error] [pid 510631] [client 45.135.232.70:49074] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXAAAAA4"]
[Thu Jan 16 14:20:45.203475 2025] [:error] [pid 500653] [client 45.135.232.70:48948] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCwAAAAE"]
[Thu Jan 16 14:20:45.203775 2025] [:error] [pid 500653] [client 45.135.232.70:48948] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCwAAAAE"]
[Thu Jan 16 14:20:45.204060 2025] [:error] [pid 500653] [client 45.135.232.70:48948] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNCwAAAAE"]
[Thu Jan 16 14:20:45.204564 2025] [:error] [pid 510616] [client 45.135.232.70:48958] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OQAAAAo"]
[Thu Jan 16 14:20:45.204924 2025] [:error] [pid 510616] [client 45.135.232.70:48958] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OQAAAAo"]
[Thu Jan 16 14:20:45.205171 2025] [:error] [pid 510616] [client 45.135.232.70:48958] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OQAAAAo"]
[Thu Jan 16 14:20:45.205966 2025] [:error] [pid 510629] [client 45.135.232.70:48988] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v4/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1QAAAAw"]
[Thu Jan 16 14:20:45.224774 2025] [:error] [pid 511460] [client 45.135.232.70:48952] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eQAAAAA"]
[Thu Jan 16 14:20:45.225127 2025] [:error] [pid 511460] [client 45.135.232.70:48952] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eQAAAAA"]
[Thu Jan 16 14:20:45.225332 2025] [:error] [pid 511460] [client 45.135.232.70:48952] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60eQAAAAA"]
[Thu Jan 16 14:20:45.242664 2025] [:error] [pid 510615] [client 45.135.232.70:48962] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /live/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tQAAAAk"]
[Thu Jan 16 14:20:45.243208 2025] [:error] [pid 510615] [client 45.135.232.70:48962] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tQAAAAk"]
[Thu Jan 16 14:20:45.243592 2025] [:error] [pid 510615] [client 45.135.232.70:48962] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tQAAAAk"]
[Thu Jan 16 14:20:45.317915 2025] [:error] [pid 510617] [client 45.135.232.70:49128] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLAAAAAs"]
[Thu Jan 16 14:20:45.321108 2025] [:error] [pid 500653] [client 45.135.232.70:49162] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDAAAAAE"]
[Thu Jan 16 14:20:45.321570 2025] [:error] [pid 500653] [client 45.135.232.70:49162] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDAAAAAE"]
[Thu Jan 16 14:20:45.322050 2025] [:error] [pid 500653] [client 45.135.232.70:49162] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDAAAAAE"]
[Thu Jan 16 14:20:45.323136 2025] [:error] [pid 510617] [client 45.135.232.70:49128] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLAAAAAs"]
[Thu Jan 16 14:20:45.323647 2025] [:error] [pid 510617] [client 45.135.232.70:49128] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLAAAAAs"]
[Thu Jan 16 14:20:45.327169 2025] [:error] [pid 510629] [client 45.135.232.70:48906] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /integrations/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/integrations/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1gAAAAw"]
[Thu Jan 16 14:20:45.329335 2025] [:error] [pid 500655] [client 45.135.232.70:48980] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/smtp/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/smtp/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgwAAAAM"]
[Thu Jan 16 14:20:45.329606 2025] [:error] [pid 500655] [client 45.135.232.70:48980] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/smtp/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgwAAAAM"]
[Thu Jan 16 14:20:45.329817 2025] [:error] [pid 500655] [client 45.135.232.70:48980] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/smtp/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzgwAAAAM"]
[Thu Jan 16 14:20:45.329872 2025] [:error] [pid 510631] [client 45.135.232.70:49014] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXQAAAA4"]
[Thu Jan 16 14:20:45.330295 2025] [:error] [pid 510631] [client 45.135.232.70:49014] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXQAAAA4"]
[Thu Jan 16 14:20:45.330579 2025] [:error] [pid 510631] [client 45.135.232.70:49014] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXQAAAA4"]
[Thu Jan 16 14:20:45.330635 2025] [:error] [pid 507252] [client 45.135.232.70:49110] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsQAAAAc"]
[Thu Jan 16 14:20:45.330898 2025] [:error] [pid 507252] [client 45.135.232.70:49110] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsQAAAAc"]
[Thu Jan 16 14:20:45.331091 2025] [:error] [pid 507252] [client 45.135.232.70:49110] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v3/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsQAAAAc"]
[Thu Jan 16 14:20:45.332737 2025] [:error] [pid 501744] [client 45.135.232.70:48904] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/email/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHgAAAAY"]
[Thu Jan 16 14:20:45.332898 2025] [:error] [pid 510637] [client 45.135.232.70:48984] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/admin/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdwAAAA8"]
[Thu Jan 16 14:20:45.332977 2025] [:error] [pid 501744] [client 45.135.232.70:48904] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/email/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHgAAAAY"]
[Thu Jan 16 14:20:45.333172 2025] [:error] [pid 501744] [client 45.135.232.70:48904] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/email/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHgAAAAY"]
[Thu Jan 16 14:20:45.333199 2025] [:error] [pid 510637] [client 45.135.232.70:48984] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdwAAAA8"]
[Thu Jan 16 14:20:45.333485 2025] [:error] [pid 510637] [client 45.135.232.70:48984] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/admin/v2/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VdwAAAA8"]
[Thu Jan 16 14:20:45.334372 2025] [:error] [pid 510629] [client 45.135.232.70:48906] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/integrations/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1gAAAAw"]
[Thu Jan 16 14:20:45.334651 2025] [:error] [pid 510629] [client 45.135.232.70:48906] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/integrations/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1gAAAAw"]
[Thu Jan 16 14:20:45.334957 2025] [:error] [pid 510616] [client 45.135.232.70:48996] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /shared/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/mail/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OgAAAAo"]
[Thu Jan 16 14:20:45.335190 2025] [:error] [pid 510616] [client 45.135.232.70:48996] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/mail/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OgAAAAo"]
[Thu Jan 16 14:20:45.335386 2025] [:error] [pid 510616] [client 45.135.232.70:48996] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/mail/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OgAAAAo"]
[Thu Jan 16 14:20:45.341556 2025] [:error] [pid 511460] [client 45.135.232.70:49172] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /internal/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/mail/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60egAAAAA"]
[Thu Jan 16 14:20:45.341741 2025] [:error] [pid 511460] [client 45.135.232.70:49172] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/mail/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60egAAAAA"]
[Thu Jan 16 14:20:45.341884 2025] [:error] [pid 511460] [client 45.135.232.70:49172] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/mail/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60egAAAAA"]
[Thu Jan 16 14:20:45.373363 2025] [:error] [pid 510615] [client 45.135.232.70:49068] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /beta/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tgAAAAk"]
[Thu Jan 16 14:20:45.373854 2025] [:error] [pid 510615] [client 45.135.232.70:49068] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tgAAAAk"]
[Thu Jan 16 14:20:45.374224 2025] [:error] [pid 510615] [client 45.135.232.70:49068] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0tgAAAAk"]
[Thu Jan 16 14:20:45.448986 2025] [:error] [pid 500653] [client 45.135.232.70:49046] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/email/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDQAAAAE"]
[Thu Jan 16 14:20:45.449847 2025] [:error] [pid 500653] [client 45.135.232.70:49046] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/email/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDQAAAAE"]
[Thu Jan 16 14:20:45.450574 2025] [:error] [pid 500653] [client 45.135.232.70:49046] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/email/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDQAAAAE"]
[Thu Jan 16 14:20:45.453029 2025] [:error] [pid 510617] [client 45.135.232.70:48920] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/services/notifications/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/notifications/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLQAAAAs"]
[Thu Jan 16 14:20:45.453581 2025] [:error] [pid 510617] [client 45.135.232.70:48920] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/notifications/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLQAAAAs"]
[Thu Jan 16 14:20:45.453706 2025] [:error] [pid 510631] [client 45.135.232.70:49194] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /assets/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXgAAAA4"]
[Thu Jan 16 14:20:45.453999 2025] [:error] [pid 510617] [client 45.135.232.70:48920] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/notifications/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLQAAAAs"]
[Thu Jan 16 14:20:45.454134 2025] [:error] [pid 510631] [client 45.135.232.70:49194] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXgAAAA4"]
[Thu Jan 16 14:20:45.455128 2025] [:error] [pid 510631] [client 45.135.232.70:49194] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXgAAAA4"]
[Thu Jan 16 14:20:45.456777 2025] [:error] [pid 511460] [client 45.135.232.70:49186] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60ewAAAAA"]
[Thu Jan 16 14:20:45.457145 2025] [:error] [pid 511460] [client 45.135.232.70:49186] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60ewAAAAA"]
[Thu Jan 16 14:20:45.457479 2025] [:error] [pid 511460] [client 45.135.232.70:49186] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60ewAAAAA"]
[Thu Jan 16 14:20:45.467656 2025] [:error] [pid 507252] [client 45.135.232.70:49094] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsgAAAAc"]
[Thu Jan 16 14:20:45.467892 2025] [:error] [pid 507252] [client 45.135.232.70:49094] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsgAAAAc"]
[Thu Jan 16 14:20:45.468068 2025] [:error] [pid 507252] [client 45.135.232.70:49094] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNsgAAAAc"]
[Thu Jan 16 14:20:45.471765 2025] [:error] [pid 500655] [client 45.135.232.70:49004] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/auth/api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/auth/api/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhAAAAAM"]
[Thu Jan 16 14:20:45.472252 2025] [:error] [pid 500655] [client 45.135.232.70:49004] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/auth/api/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhAAAAAM"]
[Thu Jan 16 14:20:45.472659 2025] [:error] [pid 500655] [client 45.135.232.70:49004] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/auth/api/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhAAAAAM"]
[Thu Jan 16 14:20:45.473603 2025] [:error] [pid 510637] [client 45.135.232.70:49024] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /cms/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeAAAAA8"]
[Thu Jan 16 14:20:45.473873 2025] [:error] [pid 510637] [client 45.135.232.70:49024] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeAAAAA8"]
[Thu Jan 16 14:20:45.475493 2025] [:error] [pid 501744] [client 45.135.232.70:49090] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old-cuburn/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHwAAAAY"]
[Thu Jan 16 14:20:45.475666 2025] [:error] [pid 510629] [client 45.135.232.70:49214] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1wAAAAw"]
[Thu Jan 16 14:20:45.475748 2025] [:error] [pid 501744] [client 45.135.232.70:49090] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHwAAAAY"]
[Thu Jan 16 14:20:45.475977 2025] [:error] [pid 501744] [client 45.135.232.70:49090] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old-cuburn/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlHwAAAAY"]
[Thu Jan 16 14:20:45.476188 2025] [:error] [pid 510629] [client 45.135.232.70:49214] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1wAAAAw"]
[Thu Jan 16 14:20:45.476594 2025] [:error] [pid 510629] [client 45.135.232.70:49214] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo1wAAAAw"]
[Thu Jan 16 14:20:45.477762 2025] [:error] [pid 510616] [client 45.135.232.70:49102] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v4/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OwAAAAo"]
[Thu Jan 16 14:20:45.477806 2025] [:error] [pid 510637] [client 45.135.232.70:49024] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeAAAAA8"]
[Thu Jan 16 14:20:45.477993 2025] [:error] [pid 510616] [client 45.135.232.70:49102] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OwAAAAo"]
[Thu Jan 16 14:20:45.478203 2025] [:error] [pid 510616] [client 45.135.232.70:49102] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v4/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95OwAAAAo"]
[Thu Jan 16 14:20:45.510544 2025] [:error] [pid 510615] [client 45.135.232.70:49142] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /repository/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0twAAAAk"]
[Thu Jan 16 14:20:45.511193 2025] [:error] [pid 510615] [client 45.135.232.70:49142] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0twAAAAk"]
[Thu Jan 16 14:20:45.511615 2025] [:error] [pid 510615] [client 45.135.232.70:49142] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0twAAAAk"]
[Thu Jan 16 14:20:45.574931 2025] [:error] [pid 510631] [client 45.135.232.70:49158] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/email/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/email/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXwAAAA4"]
[Thu Jan 16 14:20:45.575280 2025] [:error] [pid 510631] [client 45.135.232.70:49158] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/email/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXwAAAA4"]
[Thu Jan 16 14:20:45.575521 2025] [:error] [pid 510631] [client 45.135.232.70:49158] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/email/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExXwAAAA4"]
[Thu Jan 16 14:20:45.578363 2025] [:error] [pid 510617] [client 45.135.232.70:49250] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/aws/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/aws/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLgAAAAs"]
[Thu Jan 16 14:20:45.578647 2025] [:error] [pid 510617] [client 45.135.232.70:49250] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/aws/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLgAAAAs"]
[Thu Jan 16 14:20:45.578833 2025] [:error] [pid 510617] [client 45.135.232.70:49250] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/aws/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLgAAAAs"]
[Thu Jan 16 14:20:45.584790 2025] [:error] [pid 511460] [client 45.135.232.70:49156] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/internal/services/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal/services/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fAAAAAA"]
[Thu Jan 16 14:20:45.585375 2025] [:error] [pid 511460] [client 45.135.232.70:49156] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal/services/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fAAAAAA"]
[Thu Jan 16 14:20:45.585871 2025] [:error] [pid 511460] [client 45.135.232.70:49156] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal/services/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fAAAAAA"]
[Thu Jan 16 14:20:45.590356 2025] [:error] [pid 500653] [client 45.135.232.70:49116] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /database/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDgAAAAE"]
[Thu Jan 16 14:20:45.590916 2025] [:error] [pid 500653] [client 45.135.232.70:49116] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDgAAAAE"]
[Thu Jan 16 14:20:45.591197 2025] [:error] [pid 500653] [client 45.135.232.70:49116] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDgAAAAE"]
[Thu Jan 16 14:20:45.599811 2025] [:error] [pid 500655] [client 45.135.232.70:49234] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /legacy/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/legacy/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhQAAAAM"]
[Thu Jan 16 14:20:45.600059 2025] [:error] [pid 500655] [client 45.135.232.70:49234] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/legacy/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhQAAAAM"]
[Thu Jan 16 14:20:45.600230 2025] [:error] [pid 500655] [client 45.135.232.70:49234] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/legacy/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhQAAAAM"]
[Thu Jan 16 14:20:45.602085 2025] [:error] [pid 510637] [client 45.135.232.70:49262] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeQAAAA8"]
[Thu Jan 16 14:20:45.602342 2025] [:error] [pid 510637] [client 45.135.232.70:49262] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeQAAAA8"]
[Thu Jan 16 14:20:45.602507 2025] [:error] [pid 510637] [client 45.135.232.70:49262] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VeQAAAA8"]
[Thu Jan 16 14:20:45.603805 2025] [:error] [pid 510629] [client 45.135.232.70:49212] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /samples/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2AAAAAw"]
[Thu Jan 16 14:20:45.604001 2025] [:error] [pid 510629] [client 45.135.232.70:49212] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2AAAAAw"]
[Thu Jan 16 14:20:45.604139 2025] [:error] [pid 510629] [client 45.135.232.70:49212] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2AAAAAw"]
[Thu Jan 16 14:20:45.606678 2025] [:error] [pid 507252] [client 45.135.232.70:49204] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /alpha/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNswAAAAc"]
[Thu Jan 16 14:20:45.606997 2025] [:error] [pid 507252] [client 45.135.232.70:49204] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNswAAAAc"]
[Thu Jan 16 14:20:45.607247 2025] [:error] [pid 507252] [client 45.135.232.70:49204] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNswAAAAc"]
[Thu Jan 16 14:20:45.607391 2025] [:error] [pid 501744] [client 45.135.232.70:49230] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/services/mailer/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/mailer/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIAAAAAY"]
[Thu Jan 16 14:20:45.607656 2025] [:error] [pid 501744] [client 45.135.232.70:49230] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/mailer/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIAAAAAY"]
[Thu Jan 16 14:20:45.607865 2025] [:error] [pid 501744] [client 45.135.232.70:49230] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/services/mailer/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIAAAAAY"]
[Thu Jan 16 14:20:45.609545 2025] [:error] [pid 510616] [client 45.135.232.70:49278] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /dev/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PAAAAAo"]
[Thu Jan 16 14:20:45.609835 2025] [:error] [pid 510616] [client 45.135.232.70:49278] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PAAAAAo"]
[Thu Jan 16 14:20:45.610100 2025] [:error] [pid 510616] [client 45.135.232.70:49278] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PAAAAAo"]
[Thu Jan 16 14:20:45.635799 2025] [:error] [pid 510615] [client 45.135.232.70:49294] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /jobs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/jobs/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uAAAAAk"]
[Thu Jan 16 14:20:45.636316 2025] [:error] [pid 510615] [client 45.135.232.70:49294] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/jobs/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uAAAAAk"]
[Thu Jan 16 14:20:45.636687 2025] [:error] [pid 510615] [client 45.135.232.70:49294] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/jobs/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uAAAAAk"]
[Thu Jan 16 14:20:45.690814 2025] [:error] [pid 510617] [client 45.135.232.70:49326] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/mail/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/mail/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLwAAAAs"]
[Thu Jan 16 14:20:45.691298 2025] [:error] [pid 510617] [client 45.135.232.70:49326] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/mail/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLwAAAAs"]
[Thu Jan 16 14:20:45.691597 2025] [:error] [pid 510617] [client 45.135.232.70:49326] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/mail/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiLwAAAAs"]
[Thu Jan 16 14:20:45.703539 2025] [:error] [pid 510631] [client 45.135.232.70:49336] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /marketing/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYAAAAA4"]
[Thu Jan 16 14:20:45.703933 2025] [:error] [pid 510631] [client 45.135.232.70:49336] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYAAAAA4"]
[Thu Jan 16 14:20:45.704205 2025] [:error] [pid 510631] [client 45.135.232.70:49336] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYAAAAA4"]
[Thu Jan 16 14:20:45.720524 2025] [:error] [pid 511460] [client 45.135.232.70:49256] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fQAAAAA"]
[Thu Jan 16 14:20:45.720987 2025] [:error] [pid 511460] [client 45.135.232.70:49256] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fQAAAAA"]
[Thu Jan 16 14:20:45.721296 2025] [:error] [pid 511460] [client 45.135.232.70:49256] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fQAAAAA"]
[Thu Jan 16 14:20:45.726842 2025] [:error] [pid 500655] [client 45.135.232.70:49310] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/user/v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhgAAAAM"]
[Thu Jan 16 14:20:45.727306 2025] [:error] [pid 500655] [client 45.135.232.70:49310] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhgAAAAM"]
[Thu Jan 16 14:20:45.727671 2025] [:error] [pid 500655] [client 45.135.232.70:49310] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhgAAAAM"]
[Thu Jan 16 14:20:45.729145 2025] [:error] [pid 510616] [client 45.135.232.70:49398] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /application/core/services/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/core/services/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PQAAAAo"]
[Thu Jan 16 14:20:45.730399 2025] [:error] [pid 510616] [client 45.135.232.70:49398] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/core/services/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PQAAAAo"]
[Thu Jan 16 14:20:45.731987 2025] [:error] [pid 510637] [client 45.135.232.70:49324] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VegAAAA8"]
[Thu Jan 16 14:20:45.732370 2025] [:error] [pid 510637] [client 45.135.232.70:49324] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VegAAAA8"]
[Thu Jan 16 14:20:45.732688 2025] [:error] [pid 510637] [client 45.135.232.70:49324] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VegAAAA8"]
[Thu Jan 16 14:20:45.733987 2025] [:error] [pid 500653] [client 45.135.232.70:49368] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/mailjet/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailjet/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDwAAAAE"]
[Thu Jan 16 14:20:45.734276 2025] [:error] [pid 510629] [client 45.135.232.70:49386] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2QAAAAw"]
[Thu Jan 16 14:20:45.734514 2025] [:error] [pid 500653] [client 45.135.232.70:49368] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailjet/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDwAAAAE"]
[Thu Jan 16 14:20:45.734560 2025] [:error] [pid 510629] [client 45.135.232.70:49386] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2QAAAAw"]
[Thu Jan 16 14:20:45.734750 2025] [:error] [pid 510629] [client 45.135.232.70:49386] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2QAAAAw"]
[Thu Jan 16 14:20:45.734927 2025] [:error] [pid 500653] [client 45.135.232.70:49368] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mailjet/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNDwAAAAE"]
[Thu Jan 16 14:20:45.735395 2025] [:error] [pid 510616] [client 45.135.232.70:49398] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/core/services/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PQAAAAo"]
[Thu Jan 16 14:20:45.740647 2025] [:error] [pid 501744] [client 45.135.232.70:49352] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /services/mail-service/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mail-service/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIQAAAAY"]
[Thu Jan 16 14:20:45.740901 2025] [:error] [pid 501744] [client 45.135.232.70:49352] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mail-service/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIQAAAAY"]
[Thu Jan 16 14:20:45.741089 2025] [:error] [pid 501744] [client 45.135.232.70:49352] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/mail-service/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIQAAAAY"]
[Thu Jan 16 14:20:45.747769 2025] [:error] [pid 510615] [client 45.135.232.70:49418] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uQAAAAk"]
[Thu Jan 16 14:20:45.747967 2025] [:error] [pid 510615] [client 45.135.232.70:49418] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uQAAAAk"]
[Thu Jan 16 14:20:45.748132 2025] [:error] [pid 510615] [client 45.135.232.70:49418] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uQAAAAk"]
[Thu Jan 16 14:20:45.748221 2025] [:error] [pid 507252] [client 45.135.232.70:49374] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/notification/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/notification/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtAAAAAc"]
[Thu Jan 16 14:20:45.748951 2025] [:error] [pid 507252] [client 45.135.232.70:49374] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/notification/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtAAAAAc"]
[Thu Jan 16 14:20:45.749438 2025] [:error] [pid 507252] [client 45.135.232.70:49374] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/notification/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtAAAAAc"]
[Thu Jan 16 14:20:45.805023 2025] [:error] [pid 510617] [client 45.135.232.70:49420] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMAAAAAs"]
[Thu Jan 16 14:20:45.805359 2025] [:error] [pid 510617] [client 45.135.232.70:49420] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMAAAAAs"]
[Thu Jan 16 14:20:45.805574 2025] [:error] [pid 510617] [client 45.135.232.70:49420] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMAAAAAs"]
[Thu Jan 16 14:20:45.822923 2025] [:error] [pid 510631] [client 45.135.232.70:49564] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYQAAAA4"]
[Thu Jan 16 14:20:45.823277 2025] [:error] [pid 510631] [client 45.135.232.70:49564] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYQAAAA4"]
[Thu Jan 16 14:20:45.823508 2025] [:error] [pid 510631] [client 45.135.232.70:49564] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYQAAAA4"]
[Thu Jan 16 14:20:45.850031 2025] [:error] [pid 511460] [client 45.135.232.70:49532] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wiki/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fgAAAAA"]
[Thu Jan 16 14:20:45.853269 2025] [:error] [pid 510616] [client 45.135.232.70:49570] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/custom-plugin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/custom-plugin/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PgAAAAo"]
[Thu Jan 16 14:20:45.853898 2025] [:error] [pid 510616] [client 45.135.232.70:49570] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/custom-plugin/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PgAAAAo"]
[Thu Jan 16 14:20:45.854343 2025] [:error] [pid 510616] [client 45.135.232.70:49570] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/custom-plugin/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PgAAAAo"]
[Thu Jan 16 14:20:45.857746 2025] [:error] [pid 500655] [client 45.135.232.70:49462] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /tools/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhwAAAAM"]
[Thu Jan 16 14:20:45.858075 2025] [:error] [pid 500655] [client 45.135.232.70:49462] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhwAAAAM"]
[Thu Jan 16 14:20:45.858369 2025] [:error] [pid 500655] [client 45.135.232.70:49462] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwzhwAAAAM"]
[Thu Jan 16 14:20:45.858590 2025] [:error] [pid 510629] [client 45.135.232.70:49506] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2gAAAAw"]
[Thu Jan 16 14:20:45.858949 2025] [:error] [pid 510629] [client 45.135.232.70:49506] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2gAAAAw"]
[Thu Jan 16 14:20:45.859202 2025] [:error] [pid 510629] [client 45.135.232.70:49506] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2gAAAAw"]
[Thu Jan 16 14:20:45.859566 2025] [:error] [pid 511460] [client 45.135.232.70:49532] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fgAAAAA"]
[Thu Jan 16 14:20:45.859794 2025] [:error] [pid 511460] [client 45.135.232.70:49532] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wiki/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fgAAAAA"]
[Thu Jan 16 14:20:45.863893 2025] [:error] [pid 510637] [client 45.135.232.70:49484] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v1/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VewAAAA8"]
[Thu Jan 16 14:20:45.864217 2025] [:error] [pid 510637] [client 45.135.232.70:49484] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VewAAAA8"]
[Thu Jan 16 14:20:45.864481 2025] [:error] [pid 510637] [client 45.135.232.70:49484] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VewAAAA8"]
[Thu Jan 16 14:20:45.865261 2025] [:error] [pid 510615] [client 45.135.232.70:49576] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0ugAAAAk"]
[Thu Jan 16 14:20:45.865448 2025] [:error] [pid 510615] [client 45.135.232.70:49576] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0ugAAAAk"]
[Thu Jan 16 14:20:45.865593 2025] [:error] [pid 510615] [client 45.135.232.70:49576] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0ugAAAAk"]
[Thu Jan 16 14:20:45.868714 2025] [:error] [pid 500653] [client 45.135.232.70:49620] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNEAAAAAE"]
[Thu Jan 16 14:20:45.869285 2025] [:error] [pid 500653] [client 45.135.232.70:49620] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNEAAAAAE"]
[Thu Jan 16 14:20:45.869716 2025] [:error] [pid 500653] [client 45.135.232.70:49620] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.git/config"] [unique_id "Z4kHrZWbe3YhcT1jDQtNEAAAAAE"]
[Thu Jan 16 14:20:45.877726 2025] [:error] [pid 501744] [client 45.135.232.70:49424] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /workers/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/workers/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIgAAAAY"]
[Thu Jan 16 14:20:45.877923 2025] [:error] [pid 501744] [client 45.135.232.70:49424] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/workers/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIgAAAAY"]
[Thu Jan 16 14:20:45.878074 2025] [:error] [pid 501744] [client 45.135.232.70:49424] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/workers/.git/config"] [unique_id "Z4kHrZu1_bwn-OVhpZOlIgAAAAY"]
[Thu Jan 16 14:20:45.886902 2025] [:error] [pid 507252] [client 45.135.232.70:49610] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-includes/js/.git/config/admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config/admin/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtQAAAAc"]
[Thu Jan 16 14:20:45.887179 2025] [:error] [pid 507252] [client 45.135.232.70:49610] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config/admin/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtQAAAAc"]
[Thu Jan 16 14:20:45.887383 2025] [:error] [pid 507252] [client 45.135.232.70:49610] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-includes/js/.git/config/admin/.git/config"] [unique_id "Z4kHrc9-aCDtrS8J08kNtQAAAAc"]
[Thu Jan 16 14:20:45.930892 2025] [:error] [pid 510617] [client 45.135.232.70:49428] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v3/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMQAAAAs"]
[Thu Jan 16 14:20:45.931362 2025] [:error] [pid 510617] [client 45.135.232.70:49428] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMQAAAAs"]
[Thu Jan 16 14:20:45.931791 2025] [:error] [pid 510617] [client 45.135.232.70:49428] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v3/.git/config"] [unique_id "Z4kHrR0GqQT5iX5c5mKiMQAAAAs"]
[Thu Jan 16 14:20:45.946687 2025] [:error] [pid 511462] [client 45.135.232.70:49482] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/mu-plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mu-plugins/.git/config"] [unique_id "Z4kHrd__iyt1VPg6sGmtPgAAAAQ"]
[Thu Jan 16 14:20:45.949024 2025] [:error] [pid 510631] [client 45.135.232.70:49516] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYgAAAA4"]
[Thu Jan 16 14:20:45.949454 2025] [:error] [pid 510631] [client 45.135.232.70:49516] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYgAAAA4"]
[Thu Jan 16 14:20:45.949667 2025] [:error] [pid 511461] [client 45.135.232.70:49448] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrRi1z6Kpc54N0oJcqwAAAAI"]
[Thu Jan 16 14:20:45.949916 2025] [:error] [pid 510631] [client 45.135.232.70:49516] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "Z4kHrall1LqbFli-TYExYgAAAA4"]
[Thu Jan 16 14:20:45.950456 2025] [:error] [pid 511461] [client 45.135.232.70:49448] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrRi1z6Kpc54N0oJcqwAAAAI"]
[Thu Jan 16 14:20:45.950913 2025] [:error] [pid 511461] [client 45.135.232.70:49448] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z4kHrRi1z6Kpc54N0oJcqwAAAAI"]
[Thu Jan 16 14:20:45.951167 2025] [:error] [pid 511462] [client 45.135.232.70:49482] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mu-plugins/.git/config"] [unique_id "Z4kHrd__iyt1VPg6sGmtPgAAAAQ"]
[Thu Jan 16 14:20:45.951513 2025] [:error] [pid 511462] [client 45.135.232.70:49482] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mu-plugins/.git/config"] [unique_id "Z4kHrd__iyt1VPg6sGmtPgAAAAQ"]
[Thu Jan 16 14:20:45.985077 2025] [:error] [pid 510616] [client 45.135.232.70:49492] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PwAAAAo"]
[Thu Jan 16 14:20:45.991194 2025] [:error] [pid 510629] [client 45.135.232.70:49556] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2wAAAAw"]
[Thu Jan 16 14:20:45.991808 2025] [:error] [pid 510629] [client 45.135.232.70:49556] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2wAAAAw"]
[Thu Jan 16 14:20:45.992210 2025] [:error] [pid 510629] [client 45.135.232.70:49556] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "Z4kHrUybss1A0El7xRHo2wAAAAw"]
[Thu Jan 16 14:20:45.996788 2025] [:error] [pid 511460] [client 45.135.232.70:49466] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/custom-theme/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/custom-theme/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fwAAAAA"]
[Thu Jan 16 14:20:45.997050 2025] [:error] [pid 511460] [client 45.135.232.70:49466] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/custom-theme/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fwAAAAA"]
[Thu Jan 16 14:20:45.997987 2025] [:error] [pid 510615] [client 45.135.232.70:49588] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uwAAAAk"]
[Thu Jan 16 14:20:45.998588 2025] [:error] [pid 500655] [client 45.135.232.70:49584] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /user/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwziAAAAAM"]
[Thu Jan 16 14:20:45.998691 2025] [:error] [pid 510637] [client 45.135.232.70:49626] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /store/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VfAAAAA8"]
[Thu Jan 16 14:20:45.998940 2025] [:error] [pid 510637] [client 45.135.232.70:49626] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VfAAAAA8"]
[Thu Jan 16 14:20:45.999098 2025] [:error] [pid 510637] [client 45.135.232.70:49626] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrS99y7sHzDyIeh2VfAAAAA8"]
[Thu Jan 16 14:20:45.999174 2025] [:error] [pid 500655] [client 45.135.232.70:49584] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwziAAAAAM"]
[Thu Jan 16 14:20:45.999527 2025] [:error] [pid 511460] [client 45.135.232.70:49466] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/custom-theme/.git/config"] [unique_id "Z4kHrWMvBnNNNT6Ukk60fwAAAAA"]
[Thu Jan 16 14:20:45.999664 2025] [:error] [pid 500655] [client 45.135.232.70:49584] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.git/config"] [unique_id "Z4kHrQgnMRquV0bdEPwziAAAAAM"]
[Thu Jan 16 14:20:46.001763 2025] [:error] [pid 510616] [client 45.135.232.70:49492] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PwAAAAo"]
[Thu Jan 16 14:20:46.001971 2025] [:error] [pid 510616] [client 45.135.232.70:49492] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrU2UnlP04CIbRA95PwAAAAo"]
[Thu Jan 16 14:20:46.002602 2025] [:error] [pid 500653] [client 45.135.232.70:49540] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrpWbe3YhcT1jDQtNEQAAAAE"]
[Thu Jan 16 14:20:46.002765 2025] [:error] [pid 510615] [client 45.135.232.70:49588] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uwAAAAk"]
[Thu Jan 16 14:20:46.002930 2025] [:error] [pid 510615] [client 45.135.232.70:49588] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/store/.git/config"] [unique_id "Z4kHrcMsllM7RW6P3X-0uwAAAAk"]
[Thu Jan 16 14:20:46.003231 2025] [:error] [pid 500653] [client 45.135.232.70:49540] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrpWbe3YhcT1jDQtNEQAAAAE"]
[Thu Jan 16 14:20:46.003682 2025] [:error] [pid 500653] [client 45.135.232.70:49540] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z4kHrpWbe3YhcT1jDQtNEQAAAAE"]
[Thu Jan 16 14:20:46.014525 2025] [:error] [pid 501744] [client 45.135.232.70:49406] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /static/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Z4kHrpu1_bwn-OVhpZOlIwAAAAY"]
[Thu Jan 16 14:20:46.014704 2025] [:error] [pid 501744] [client 45.135.232.70:49406] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Z4kHrpu1_bwn-OVhpZOlIwAAAAY"]
[Thu Jan 16 14:20:46.014874 2025] [:error] [pid 501744] [client 45.135.232.70:49406] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.git/config"] [unique_id "Z4kHrpu1_bwn-OVhpZOlIwAAAAY"]
[Thu Jan 16 14:20:46.025641 2025] [:error] [pid 507252] [client 45.135.232.70:49470] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrs9-aCDtrS8J08kNtgAAAAc"]
[Thu Jan 16 14:20:46.026004 2025] [:error] [pid 507252] [client 45.135.232.70:49470] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrs9-aCDtrS8J08kNtgAAAAc"]
[Thu Jan 16 14:20:46.026405 2025] [:error] [pid 507252] [client 45.135.232.70:49470] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "Z4kHrs9-aCDtrS8J08kNtgAAAAc"]
[Thu Jan 16 14:20:46.072907 2025] [:error] [pid 510617] [client 45.135.232.70:49432] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /utils/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/utils/.git/config"] [unique_id "Z4kHrh0GqQT5iX5c5mKiMgAAAAs"]
[Thu Jan 16 14:20:46.073479 2025] [:error] [pid 510617] [client 45.135.232.70:49432] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/utils/.git/config"] [unique_id "Z4kHrh0GqQT5iX5c5mKiMgAAAAs"]
[Thu Jan 16 14:20:46.073899 2025] [:error] [pid 510617] [client 45.135.232.70:49432] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/utils/.git/config"] [unique_id "Z4kHrh0GqQT5iX5c5mKiMgAAAAs"]
[Thu Jan 16 14:20:46.088712 2025] [:error] [pid 510631] [client 45.135.232.70:49596] [client 45.135.232.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /v2/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Z4kHrqll1LqbFli-TYExYwAAAA4"]
[Thu Jan 16 14:20:46.089265 2025] [:error] [pid 510631] [client 45.135.232.70:49596] [client 45.135.232.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Z4kHrqll1LqbFli-TYExYwAAAA4"]
[Thu Jan 16 14:20:46.089659 2025] [:error] [pid 510631] [client 45.135.232.70:49596] [client 45.135.232.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.git/config"] [unique_id "Z4kHrqll1LqbFli-TYExYwAAAA4"]
[Wed Jan 22 04:45:30.736189 2025] [:error] [pid 632325] [client 52.63.44.47:33398] [client 52.63.44.47] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5Bp2vJuKYPwpE6HVmkWfwAAAAc"]
[Wed Jan 22 04:45:30.737677 2025] [:error] [pid 632325] [client 52.63.44.47:33398] [client 52.63.44.47] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5Bp2vJuKYPwpE6HVmkWfwAAAAc"]
[Wed Jan 22 04:45:30.738011 2025] [:error] [pid 632325] [client 52.63.44.47:33398] [client 52.63.44.47] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5Bp2vJuKYPwpE6HVmkWfwAAAAc"]
[Wed Jan 22 15:46:09.212173 2025] [:error] [pid 634951] [client 13.201.16.232:51108] [client 13.201.16.232] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5EEsc5fjOZJqrjfjGyQrQAAAAc"]
[Wed Jan 22 15:46:09.212636 2025] [:error] [pid 634951] [client 13.201.16.232:51108] [client 13.201.16.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5EEsc5fjOZJqrjfjGyQrQAAAAc"]
[Wed Jan 22 15:46:09.212842 2025] [:error] [pid 634951] [client 13.201.16.232:51108] [client 13.201.16.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z5EEsc5fjOZJqrjfjGyQrQAAAAc"]
[Fri Jan 31 22:16:35.490878 2025] [:error] [pid 838831] [client 44.201.72.202:34992] [client 44.201.72.202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509s-VuC8BGINFRXm6--wAAAAU"]
[Fri Jan 31 22:16:35.494297 2025] [:error] [pid 838831] [client 44.201.72.202:34992] [client 44.201.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509s-VuC8BGINFRXm6--wAAAAU"]
[Fri Jan 31 22:16:35.494700 2025] [:error] [pid 838831] [client 44.201.72.202:34992] [client 44.201.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509s-VuC8BGINFRXm6--wAAAAU"]
[Fri Jan 31 22:16:38.599231 2025] [:error] [pid 844126] [client 44.201.72.202:35008] [client 44.201.72.202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509tuwOe_9n4zblmx_RjQAAAAk"]
[Fri Jan 31 22:16:38.599837 2025] [:error] [pid 844126] [client 44.201.72.202:35008] [client 44.201.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509tuwOe_9n4zblmx_RjQAAAAk"]
[Fri Jan 31 22:16:38.600292 2025] [:error] [pid 844126] [client 44.201.72.202:35008] [client 44.201.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z509tuwOe_9n4zblmx_RjQAAAAk"]
[Mon Feb 03 06:12:21.494150 2025] [:error] [pid 903429] [client 34.219.159.38:39264] [client 34.219.159.38] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6BQNT-b1MI6wxyjKb03vgAAAAY"]
[Mon Feb 03 06:12:21.497466 2025] [:error] [pid 903429] [client 34.219.159.38:39264] [client 34.219.159.38] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6BQNT-b1MI6wxyjKb03vgAAAAY"]
[Mon Feb 03 06:12:21.497944 2025] [:error] [pid 903429] [client 34.219.159.38:39264] [client 34.219.159.38] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z6BQNT-b1MI6wxyjKb03vgAAAAY"]
[Tue Feb 04 18:17:47.096931 2025] [:error] [pid 924522] [client 195.178.110.164:59692] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6JLu3xisr8snLhHavq3DAAAAAQ"]
[Tue Feb 04 18:17:47.097528 2025] [:error] [pid 924522] [client 195.178.110.164:59692] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6JLu3xisr8snLhHavq3DAAAAAQ"]
[Tue Feb 04 18:17:47.098028 2025] [:error] [pid 924522] [client 195.178.110.164:59692] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6JLu3xisr8snLhHavq3DAAAAAQ"]
[Tue Feb 04 18:17:47.330637 2025] [:error] [pid 924547] [client 195.178.110.164:59708] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6JLu9m_B-Yx8AjMbXhrAwAAAAc"]
[Tue Feb 04 18:17:47.331413 2025] [:error] [pid 924547] [client 195.178.110.164:59708] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6JLu9m_B-Yx8AjMbXhrAwAAAAc"]
[Tue Feb 04 18:17:47.331890 2025] [:error] [pid 924547] [client 195.178.110.164:59708] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6JLu9m_B-Yx8AjMbXhrAwAAAAc"]
[Tue Feb 04 18:17:47.972253 2025] [:error] [pid 930078] [client 195.178.110.164:59748] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6JLu_pS7vRyCInSZk4t9gAAABA"]
[Tue Feb 04 18:17:47.972600 2025] [:error] [pid 930078] [client 195.178.110.164:59748] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6JLu_pS7vRyCInSZk4t9gAAABA"]
[Tue Feb 04 18:17:47.972832 2025] [:error] [pid 930078] [client 195.178.110.164:59748] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6JLu_pS7vRyCInSZk4t9gAAABA"]
[Tue Feb 04 18:17:48.140538 2025] [:error] [pid 924520] [client 195.178.110.164:59752] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6JLvIAGHU3OpFWHDeEetAAAAAI"]
[Tue Feb 04 18:17:48.141149 2025] [:error] [pid 924520] [client 195.178.110.164:59752] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6JLvIAGHU3OpFWHDeEetAAAAAI"]
[Tue Feb 04 18:17:48.141628 2025] [:error] [pid 924520] [client 195.178.110.164:59752] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6JLvIAGHU3OpFWHDeEetAAAAAI"]
[Tue Feb 04 18:17:48.305724 2025] [:error] [pid 926820] [client 195.178.110.164:59764] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6JLvBMczhhuJpxc6k70FgAAAAg"]
[Tue Feb 04 18:17:48.306382 2025] [:error] [pid 926820] [client 195.178.110.164:59764] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6JLvBMczhhuJpxc6k70FgAAAAg"]
[Tue Feb 04 18:17:48.306848 2025] [:error] [pid 926820] [client 195.178.110.164:59764] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6JLvBMczhhuJpxc6k70FgAAAAg"]
[Tue Feb 04 18:17:48.475152 2025] [:error] [pid 930077] [client 195.178.110.164:59780] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6JLvJuR4NuvADDRAE37pQAAAA8"]
[Tue Feb 04 18:17:48.475727 2025] [:error] [pid 930077] [client 195.178.110.164:59780] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6JLvJuR4NuvADDRAE37pQAAAA8"]
[Tue Feb 04 18:17:48.476248 2025] [:error] [pid 930077] [client 195.178.110.164:59780] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6JLvJuR4NuvADDRAE37pQAAAA8"]
[Tue Feb 04 18:17:48.631991 2025] [:error] [pid 924519] [client 195.178.110.164:59796] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6JLvDpUmt6dEBozw-uVWgAAAAE"]
[Tue Feb 04 18:17:48.632559 2025] [:error] [pid 924519] [client 195.178.110.164:59796] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6JLvDpUmt6dEBozw-uVWgAAAAE"]
[Tue Feb 04 18:17:48.633009 2025] [:error] [pid 924519] [client 195.178.110.164:59796] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6JLvDpUmt6dEBozw-uVWgAAAAE"]
[Tue Feb 04 18:17:48.799593 2025] [:error] [pid 924546] [client 195.178.110.164:59808] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6JLvL2pWZCC-48cZtoABgAAAAY"]
[Tue Feb 04 18:17:48.800213 2025] [:error] [pid 924546] [client 195.178.110.164:59808] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6JLvL2pWZCC-48cZtoABgAAAAY"]
[Tue Feb 04 18:17:48.800707 2025] [:error] [pid 924546] [client 195.178.110.164:59808] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6JLvL2pWZCC-48cZtoABgAAAAY"]
[Tue Feb 04 18:17:48.961044 2025] [:error] [pid 924522] [client 195.178.110.164:59820] [client 195.178.110.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6JLvHxisr8snLhHavq3DQAAAAQ"]
[Tue Feb 04 18:17:48.961653 2025] [:error] [pid 924522] [client 195.178.110.164:59820] [client 195.178.110.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6JLvHxisr8snLhHavq3DQAAAAQ"]
[Tue Feb 04 18:17:48.962443 2025] [:error] [pid 924522] [client 195.178.110.164:59820] [client 195.178.110.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6JLvHxisr8snLhHavq3DQAAAAQ"]
[Sun Feb 09 23:51:49.415036 2025] [:error] [pid 1041048] [client 185.196.220.16:44998] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6kxhbgwXr-CSZN0PFr8KwAAABI"]
[Sun Feb 09 23:51:49.416761 2025] [:error] [pid 1041048] [client 185.196.220.16:44998] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6kxhbgwXr-CSZN0PFr8KwAAABI"]
[Sun Feb 09 23:51:49.417135 2025] [:error] [pid 1041048] [client 185.196.220.16:44998] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z6kxhbgwXr-CSZN0PFr8KwAAABI"]
[Sun Feb 09 23:51:49.683456 2025] [:error] [pid 1041041] [client 185.196.220.16:45014] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6kxhbEhMnm5cunCM9Nj5gAAAAs"]
[Sun Feb 09 23:51:49.684018 2025] [:error] [pid 1041041] [client 185.196.220.16:45014] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6kxhbEhMnm5cunCM9Nj5gAAAAs"]
[Sun Feb 09 23:51:49.684467 2025] [:error] [pid 1041041] [client 185.196.220.16:45014] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z6kxhbEhMnm5cunCM9Nj5gAAAAs"]
[Sun Feb 09 23:51:50.593445 2025] [:error] [pid 1041052] [client 185.196.220.16:45034] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6kxhotLacbunVf7UGmdoQAAABY"]
[Sun Feb 09 23:51:50.594019 2025] [:error] [pid 1041052] [client 185.196.220.16:45034] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6kxhotLacbunVf7UGmdoQAAABY"]
[Sun Feb 09 23:51:50.594501 2025] [:error] [pid 1041052] [client 185.196.220.16:45034] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z6kxhotLacbunVf7UGmdoQAAABY"]
[Sun Feb 09 23:51:50.797680 2025] [:error] [pid 1033858] [client 185.196.220.16:45040] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6kxhn_cdmOlG1JAjplC8gAAAAA"]
[Sun Feb 09 23:51:50.798320 2025] [:error] [pid 1033858] [client 185.196.220.16:45040] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6kxhn_cdmOlG1JAjplC8gAAAAA"]
[Sun Feb 09 23:51:50.798816 2025] [:error] [pid 1033858] [client 185.196.220.16:45040] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z6kxhn_cdmOlG1JAjplC8gAAAAA"]
[Sun Feb 09 23:51:51.221308 2025] [:error] [pid 1041063] [client 185.196.220.16:45054] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6kxh8NxcUl0FUrGBh6cUQAAACE"]
[Sun Feb 09 23:51:51.221889 2025] [:error] [pid 1041063] [client 185.196.220.16:45054] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6kxh8NxcUl0FUrGBh6cUQAAACE"]
[Sun Feb 09 23:51:51.222368 2025] [:error] [pid 1041063] [client 185.196.220.16:45054] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z6kxh8NxcUl0FUrGBh6cUQAAACE"]
[Sun Feb 09 23:51:51.433917 2025] [:error] [pid 1041060] [client 185.196.220.16:45058] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6kxh5UrtRrto1o4j70HgwAAAB4"]
[Sun Feb 09 23:51:51.434524 2025] [:error] [pid 1041060] [client 185.196.220.16:45058] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6kxh5UrtRrto1o4j70HgwAAAB4"]
[Sun Feb 09 23:51:51.434982 2025] [:error] [pid 1041060] [client 185.196.220.16:45058] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z6kxh5UrtRrto1o4j70HgwAAAB4"]
[Sun Feb 09 23:51:51.890907 2025] [:error] [pid 1041054] [client 185.196.220.16:45064] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6kxhw9IwlVa_qPDoulq5QAAABg"]
[Sun Feb 09 23:51:51.891482 2025] [:error] [pid 1041054] [client 185.196.220.16:45064] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6kxhw9IwlVa_qPDoulq5QAAABg"]
[Sun Feb 09 23:51:51.891939 2025] [:error] [pid 1041054] [client 185.196.220.16:45064] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z6kxhw9IwlVa_qPDoulq5QAAABg"]
[Sun Feb 09 23:51:52.176814 2025] [:error] [pid 1041066] [client 185.196.220.16:45074] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6kxiM75mCUn2YCUg_yOKAAAACQ"]
[Sun Feb 09 23:51:52.177488 2025] [:error] [pid 1041066] [client 185.196.220.16:45074] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6kxiM75mCUn2YCUg_yOKAAAACQ"]
[Sun Feb 09 23:51:52.177917 2025] [:error] [pid 1041066] [client 185.196.220.16:45074] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z6kxiM75mCUn2YCUg_yOKAAAACQ"]
[Sun Feb 09 23:51:52.431442 2025] [:error] [pid 1041048] [client 185.196.220.16:45090] [client 185.196.220.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6kxiLgwXr-CSZN0PFr8LAAAABI"]
[Sun Feb 09 23:51:52.432128 2025] [:error] [pid 1041048] [client 185.196.220.16:45090] [client 185.196.220.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6kxiLgwXr-CSZN0PFr8LAAAABI"]
[Sun Feb 09 23:51:52.432583 2025] [:error] [pid 1041048] [client 185.196.220.16:45090] [client 185.196.220.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z6kxiLgwXr-CSZN0PFr8LAAAABI"]
[Fri Feb 14 17:21:47.622195 2025] [:error] [pid 1151894] [client 89.248.163.4:60510] [client 89.248.163.4] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm0Vt3zdSFwpQKAlppwAAAA0"]
[Fri Feb 14 17:21:47.624084 2025] [:error] [pid 1151894] [client 89.248.163.4:60510] [client 89.248.163.4] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm0Vt3zdSFwpQKAlppwAAAA0"]
[Fri Feb 14 17:21:47.624559 2025] [:error] [pid 1151894] [client 89.248.163.4:60510] [client 89.248.163.4] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z69tm0Vt3zdSFwpQKAlppwAAAA0"]
[Wed Feb 19 05:51:49.111586 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywogAAAAM"]
[Wed Feb 19 05:51:49.113702 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywogAAAAM"]
[Wed Feb 19 05:51:49.114311 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywogAAAAM"]
[Wed Feb 19 05:51:49.137237 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywowAAAAM"]
[Wed Feb 19 05:51:49.137744 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywowAAAAM"]
[Wed Feb 19 05:51:49.138309 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywowAAAAM"]
[Wed Feb 19 05:51:49.161334 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpAAAAAM"]
[Wed Feb 19 05:51:49.161704 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpAAAAAM"]
[Wed Feb 19 05:51:49.162156 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpAAAAAM"]
[Wed Feb 19 05:51:49.185392 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpQAAAAM"]
[Wed Feb 19 05:51:49.185764 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpQAAAAM"]
[Wed Feb 19 05:51:49.186212 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpQAAAAM"]
[Wed Feb 19 05:51:49.209344 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpgAAAAM"]
[Wed Feb 19 05:51:49.209710 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpgAAAAM"]
[Wed Feb 19 05:51:49.210162 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpgAAAAM"]
[Wed Feb 19 05:51:49.233336 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpwAAAAM"]
[Wed Feb 19 05:51:49.233698 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpwAAAAM"]
[Wed Feb 19 05:51:49.234143 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywpwAAAAM"]
[Wed Feb 19 05:51:49.257416 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqAAAAAM"]
[Wed Feb 19 05:51:49.257827 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqAAAAAM"]
[Wed Feb 19 05:51:49.258336 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqAAAAAM"]
[Wed Feb 19 05:51:49.284365 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqQAAAAM"]
[Wed Feb 19 05:51:49.285076 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqQAAAAM"]
[Wed Feb 19 05:51:49.285790 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqQAAAAM"]
[Wed Feb 19 05:51:49.308841 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqgAAAAM"]
[Wed Feb 19 05:51:49.309112 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqgAAAAM"]
[Wed Feb 19 05:51:49.309397 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqgAAAAM"]
[Wed Feb 19 05:51:49.333611 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqwAAAAM"]
[Wed Feb 19 05:51:49.334179 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqwAAAAM"]
[Wed Feb 19 05:51:49.334786 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywqwAAAAM"]
[Wed Feb 19 05:51:49.381431 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrAAAAAM"]
[Wed Feb 19 05:51:49.381823 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrAAAAAM"]
[Wed Feb 19 05:51:49.382362 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrAAAAAM"]
[Wed Feb 19 05:51:49.405633 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrQAAAAM"]
[Wed Feb 19 05:51:49.406012 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrQAAAAM"]
[Wed Feb 19 05:51:49.406501 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrQAAAAM"]
[Wed Feb 19 05:51:49.429595 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrgAAAAM"]
[Wed Feb 19 05:51:49.429976 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrgAAAAM"]
[Wed Feb 19 05:51:49.430449 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrgAAAAM"]
[Wed Feb 19 05:51:49.453599 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrwAAAAM"]
[Wed Feb 19 05:51:49.453972 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrwAAAAM"]
[Wed Feb 19 05:51:49.454648 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywrwAAAAM"]
[Wed Feb 19 05:51:49.477399 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjZQzqEFiMFYV11BywsAAAAAM"]
[Wed Feb 19 05:51:49.477786 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjZQzqEFiMFYV11BywsAAAAAM"]
[Wed Feb 19 05:51:49.478282 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.project"] [unique_id "Z7VjZQzqEFiMFYV11BywsAAAAAM"]
[Wed Feb 19 05:51:49.501364 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsQAAAAM"]
[Wed Feb 19 05:51:49.501735 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsQAAAAM"]
[Wed Feb 19 05:51:49.502196 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsQAAAAM"]
[Wed Feb 19 05:51:49.532998 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsgAAAAM"]
[Wed Feb 19 05:51:49.533413 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsgAAAAM"]
[Wed Feb 19 05:51:49.533918 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "Z7VjZQzqEFiMFYV11BywsgAAAAM"]
[Wed Feb 19 05:51:49.658658 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjZQzqEFiMFYV11BywtgAAAAM"]
[Wed Feb 19 05:51:49.658944 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjZQzqEFiMFYV11BywtgAAAAM"]
[Wed Feb 19 05:51:49.659291 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjZQzqEFiMFYV11BywtgAAAAM"]
[Wed Feb 19 05:51:49.659755 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "Z7VjZQzqEFiMFYV11BywtgAAAAM"]
[Wed Feb 19 05:51:49.683221 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjZQzqEFiMFYV11BywtwAAAAM"]
[Wed Feb 19 05:51:49.683505 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjZQzqEFiMFYV11BywtwAAAAM"]
[Wed Feb 19 05:51:49.683854 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjZQzqEFiMFYV11BywtwAAAAM"]
[Wed Feb 19 05:51:49.684345 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "Z7VjZQzqEFiMFYV11BywtwAAAAM"]
[Wed Feb 19 05:51:49.708736 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjZQzqEFiMFYV11BywuAAAAAM"]
[Wed Feb 19 05:51:49.709092 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjZQzqEFiMFYV11BywuAAAAAM"]
[Wed Feb 19 05:51:49.709459 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjZQzqEFiMFYV11BywuAAAAAM"]
[Wed Feb 19 05:51:49.709940 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "Z7VjZQzqEFiMFYV11BywuAAAAAM"]
[Wed Feb 19 05:51:49.733621 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjZQzqEFiMFYV11BywuQAAAAM"]
[Wed Feb 19 05:51:49.733985 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjZQzqEFiMFYV11BywuQAAAAM"]
[Wed Feb 19 05:51:49.734539 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "Z7VjZQzqEFiMFYV11BywuQAAAAM"]
[Wed Feb 19 05:51:49.759293 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjZQzqEFiMFYV11BywugAAAAM"]
[Wed Feb 19 05:51:49.759666 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjZQzqEFiMFYV11BywugAAAAM"]
[Wed Feb 19 05:51:49.760157 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "Z7VjZQzqEFiMFYV11BywugAAAAM"]
[Wed Feb 19 05:51:49.783505 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjZQzqEFiMFYV11BywuwAAAAM"]
[Wed Feb 19 05:51:49.783886 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjZQzqEFiMFYV11BywuwAAAAM"]
[Wed Feb 19 05:51:49.784343 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "Z7VjZQzqEFiMFYV11BywuwAAAAM"]
[Wed Feb 19 05:51:49.808893 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjZQzqEFiMFYV11BywvAAAAAM"]
[Wed Feb 19 05:51:49.809296 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjZQzqEFiMFYV11BywvAAAAAM"]
[Wed Feb 19 05:51:49.810041 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "Z7VjZQzqEFiMFYV11BywvAAAAAM"]
[Wed Feb 19 05:51:49.834103 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjZQzqEFiMFYV11BywvQAAAAM"]
[Wed Feb 19 05:51:49.834574 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjZQzqEFiMFYV11BywvQAAAAM"]
[Wed Feb 19 05:51:49.835021 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "Z7VjZQzqEFiMFYV11BywvQAAAAM"]
[Wed Feb 19 05:51:49.858417 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjZQzqEFiMFYV11BywvgAAAAM"]
[Wed Feb 19 05:51:49.858815 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjZQzqEFiMFYV11BywvgAAAAM"]
[Wed Feb 19 05:51:49.859262 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "Z7VjZQzqEFiMFYV11BywvgAAAAM"]
[Wed Feb 19 05:51:49.882647 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjZQzqEFiMFYV11BywvwAAAAM"]
[Wed Feb 19 05:51:49.883015 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjZQzqEFiMFYV11BywvwAAAAM"]
[Wed Feb 19 05:51:49.883478 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7VjZQzqEFiMFYV11BywvwAAAAM"]
[Wed Feb 19 05:51:49.914510 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjZQzqEFiMFYV11BywwAAAAAM"]
[Wed Feb 19 05:51:49.914910 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjZQzqEFiMFYV11BywwAAAAAM"]
[Wed Feb 19 05:51:49.915372 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "Z7VjZQzqEFiMFYV11BywwAAAAAM"]
[Wed Feb 19 05:51:49.942150 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.travis"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjZQzqEFiMFYV11BywwQAAAAM"]
[Wed Feb 19 05:51:49.942628 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjZQzqEFiMFYV11BywwQAAAAM"]
[Wed Feb 19 05:51:49.943090 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "Z7VjZQzqEFiMFYV11BywwQAAAAM"]
[Wed Feb 19 05:51:49.968305 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjZQzqEFiMFYV11BywwgAAAAM"]
[Wed Feb 19 05:51:49.968669 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjZQzqEFiMFYV11BywwgAAAAM"]
[Wed Feb 19 05:51:49.969165 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "Z7VjZQzqEFiMFYV11BywwgAAAAM"]
[Wed Feb 19 05:51:50.098499 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjZgzqEFiMFYV11BywwwAAAAM"]
[Wed Feb 19 05:51:50.098878 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjZgzqEFiMFYV11BywwwAAAAM"]
[Wed Feb 19 05:51:50.099345 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "Z7VjZgzqEFiMFYV11BywwwAAAAM"]
[Wed Feb 19 05:51:50.537535 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjZgzqEFiMFYV11BywygAAAAM"]
[Wed Feb 19 05:51:50.537954 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjZgzqEFiMFYV11BywygAAAAM"]
[Wed Feb 19 05:51:50.538473 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z7VjZgzqEFiMFYV11BywygAAAAM"]
[Wed Feb 19 05:51:50.622404 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7VjZgzqEFiMFYV11BywzQAAAAM"]
[Wed Feb 19 05:51:50.622717 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7VjZgzqEFiMFYV11BywzQAAAAM"]
[Wed Feb 19 05:51:50.623104 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7VjZgzqEFiMFYV11BywzQAAAAM"]
[Wed Feb 19 05:51:50.623558 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "Z7VjZgzqEFiMFYV11BywzQAAAAM"]
[Wed Feb 19 05:51:50.647665 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7VjZgzqEFiMFYV11BywzgAAAAM"]
[Wed Feb 19 05:51:50.648078 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7VjZgzqEFiMFYV11BywzgAAAAM"]
[Wed Feb 19 05:51:50.648555 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z7VjZgzqEFiMFYV11BywzgAAAAM"]
[Wed Feb 19 05:51:50.672834 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7VjZgzqEFiMFYV11BywzwAAAAM"]
[Wed Feb 19 05:51:50.673375 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7VjZgzqEFiMFYV11BywzwAAAAM"]
[Wed Feb 19 05:51:50.673864 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "Z7VjZgzqEFiMFYV11BywzwAAAAM"]
[Wed Feb 19 05:51:50.696946 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7VjZgzqEFiMFYV11Byw0AAAAAM"]
[Wed Feb 19 05:51:50.697248 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7VjZgzqEFiMFYV11Byw0AAAAAM"]
[Wed Feb 19 05:51:50.697608 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7VjZgzqEFiMFYV11Byw0AAAAAM"]
[Wed Feb 19 05:51:50.698066 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "Z7VjZgzqEFiMFYV11Byw0AAAAAM"]
[Wed Feb 19 05:51:50.931062 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7VjZgzqEFiMFYV11Byw2QAAAAM"]
[Wed Feb 19 05:51:50.931439 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7VjZgzqEFiMFYV11Byw2QAAAAM"]
[Wed Feb 19 05:51:50.931984 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "Z7VjZgzqEFiMFYV11Byw2QAAAAM"]
[Wed Feb 19 05:51:50.981420 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VjZgzqEFiMFYV11Byw2wAAAAM"]
[Wed Feb 19 05:51:50.981823 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VjZgzqEFiMFYV11Byw2wAAAAM"]
[Wed Feb 19 05:51:50.982341 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "Z7VjZgzqEFiMFYV11Byw2wAAAAM"]
[Wed Feb 19 05:51:51.008558 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3AAAAAM"]
[Wed Feb 19 05:51:51.008944 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3AAAAAM"]
[Wed Feb 19 05:51:51.009400 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3AAAAAM"]
[Wed Feb 19 05:51:51.033482 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:80/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3QAAAAM"]
[Wed Feb 19 05:51:51.033848 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3QAAAAM"]
[Wed Feb 19 05:51:51.034350 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3QAAAAM"]
[Wed Feb 19 05:51:51.057527 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:443/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3gAAAAM"]
[Wed Feb 19 05:51:51.057899 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3gAAAAM"]
[Wed Feb 19 05:51:51.058448 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3gAAAAM"]
[Wed Feb 19 05:51:51.148742 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:432/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3wAAAAM"]
[Wed Feb 19 05:51:51.149128 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3wAAAAM"]
[Wed Feb 19 05:51:51.149608 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:432/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw3wAAAAM"]
[Wed Feb 19 05:51:51.180421 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8000/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4AAAAAM"]
[Wed Feb 19 05:51:51.180823 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4AAAAAM"]
[Wed Feb 19 05:51:51.181291 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:8000/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4AAAAAM"]
[Wed Feb 19 05:51:51.204420 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8080/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4QAAAAM"]
[Wed Feb 19 05:51:51.204833 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4QAAAAM"]
[Wed Feb 19 05:51:51.205274 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw4QAAAAM"]
[Wed Feb 19 05:51:51.601475 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VjZwzqEFiMFYV11Byw7QAAAAM"]
[Wed Feb 19 05:51:51.601881 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VjZwzqEFiMFYV11Byw7QAAAAM"]
[Wed Feb 19 05:51:51.602420 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "Z7VjZwzqEFiMFYV11Byw7QAAAAM"]
[Wed Feb 19 05:51:51.625407 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VjZwzqEFiMFYV11Byw7gAAAAM"]
[Wed Feb 19 05:51:51.625949 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VjZwzqEFiMFYV11Byw7gAAAAM"]
[Wed Feb 19 05:51:51.626454 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "Z7VjZwzqEFiMFYV11Byw7gAAAAM"]
[Wed Feb 19 05:51:51.706206 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VjZwzqEFiMFYV11Byw8QAAAAM"]
[Wed Feb 19 05:51:51.706835 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VjZwzqEFiMFYV11Byw8QAAAAM"]
[Wed Feb 19 05:51:51.707293 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "Z7VjZwzqEFiMFYV11Byw8QAAAAM"]
[Wed Feb 19 05:51:51.732474 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lara/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw8gAAAAM"]
[Wed Feb 19 05:51:51.732831 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw8gAAAAM"]
[Wed Feb 19 05:51:51.733305 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Lara/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw8gAAAAM"]
[Wed Feb 19 05:51:51.847259 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9gAAAAM"]
[Wed Feb 19 05:51:51.847776 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9gAAAAM"]
[Wed Feb 19 05:51:51.848255 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9gAAAAM"]
[Wed Feb 19 05:51:51.873541 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9wAAAAM"]
[Wed Feb 19 05:51:51.873992 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9wAAAAM"]
[Wed Feb 19 05:51:51.874736 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw9wAAAAM"]
[Wed Feb 19 05:51:51.897687 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-AAAAAM"]
[Wed Feb 19 05:51:51.898087 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-AAAAAM"]
[Wed Feb 19 05:51:51.898626 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-AAAAAM"]
[Wed Feb 19 05:51:51.921678 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-QAAAAM"]
[Wed Feb 19 05:51:51.922064 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-QAAAAM"]
[Wed Feb 19 05:51:51.922566 2025] [:error] [pid 1258388] [client 193.41.206.98:57436] [client 193.41.206.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "Z7VjZwzqEFiMFYV11Byw-QAAAAM"]
[Sat Feb 22 03:25:59.910956 2025] [:error] [pid 1324770] [client 45.148.10.166:38316] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7k1t010iGF_xgbBjepvXAAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:25:59.913437 2025] [:error] [pid 1324770] [client 45.148.10.166:38316] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7k1t010iGF_xgbBjepvXAAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:25:59.913955 2025] [:error] [pid 1324770] [client 45.148.10.166:38316] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z7k1t010iGF_xgbBjepvXAAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.074396 2025] [:error] [pid 1324801] [client 45.148.10.166:38318] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7k1uEIDaHMGZ72cYjodTgAAAAY"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.075415 2025] [:error] [pid 1324801] [client 45.148.10.166:38318] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7k1uEIDaHMGZ72cYjodTgAAAAY"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.075909 2025] [:error] [pid 1324801] [client 45.148.10.166:38318] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z7k1uEIDaHMGZ72cYjodTgAAAAY"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.461650 2025] [:error] [pid 1324873] [client 45.148.10.166:38330] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7k1uCnGn57UX6drZcObBQAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.462663 2025] [:error] [pid 1324873] [client 45.148.10.166:38330] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7k1uCnGn57UX6drZcObBQAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.463129 2025] [:error] [pid 1324873] [client 45.148.10.166:38330] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z7k1uCnGn57UX6drZcObBQAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.594031 2025] [:error] [pid 1324877] [client 45.148.10.166:38334] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7k1uPEC0wnK7F1RxU-HmQAAAFA"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.595685 2025] [:error] [pid 1324877] [client 45.148.10.166:38334] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7k1uPEC0wnK7F1RxU-HmQAAAFA"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.596280 2025] [:error] [pid 1324877] [client 45.148.10.166:38334] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z7k1uPEC0wnK7F1RxU-HmQAAAFA"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.705098 2025] [:error] [pid 1324875] [client 45.148.10.166:38338] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7k1uIXfBZocK-8lZnXdmQAAAE4"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.705658 2025] [:error] [pid 1324875] [client 45.148.10.166:38338] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7k1uIXfBZocK-8lZnXdmQAAAE4"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.705954 2025] [:error] [pid 1324875] [client 45.148.10.166:38338] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z7k1uIXfBZocK-8lZnXdmQAAAE4"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.859802 2025] [:error] [pid 1324876] [client 45.148.10.166:38340] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7k1uC0lx6EHu5d66nqo0wAAAE8"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.860191 2025] [:error] [pid 1324876] [client 45.148.10.166:38340] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7k1uC0lx6EHu5d66nqo0wAAAE8"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.860390 2025] [:error] [pid 1324876] [client 45.148.10.166:38340] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z7k1uC0lx6EHu5d66nqo0wAAAE8"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.986044 2025] [:error] [pid 1324878] [client 45.148.10.166:38344] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7k1uJCEpSQB_HZ02bvGowAAAFE"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.987039 2025] [:error] [pid 1324878] [client 45.148.10.166:38344] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7k1uJCEpSQB_HZ02bvGowAAAFE"], referer: https://www.google.com/
[Sat Feb 22 03:26:00.987482 2025] [:error] [pid 1324878] [client 45.148.10.166:38344] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z7k1uJCEpSQB_HZ02bvGowAAAFE"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.087080 2025] [:error] [pid 1324879] [client 45.148.10.166:38350] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7k1uXzwg1sUFvYIvKHOoQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.088041 2025] [:error] [pid 1324879] [client 45.148.10.166:38350] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7k1uXzwg1sUFvYIvKHOoQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.088555 2025] [:error] [pid 1324879] [client 45.148.10.166:38350] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z7k1uXzwg1sUFvYIvKHOoQAAAFI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.203468 2025] [:error] [pid 1324770] [client 45.148.10.166:38352] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7k1uU10iGF_xgbBjepvXQAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.203834 2025] [:error] [pid 1324770] [client 45.148.10.166:38352] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7k1uU10iGF_xgbBjepvXQAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.204011 2025] [:error] [pid 1324770] [client 45.148.10.166:38352] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z7k1uU10iGF_xgbBjepvXQAAAAI"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.569713 2025] [:error] [pid 1324874] [client 45.148.10.166:38386] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7k1uftky72f57E6I5D02AAAAE0"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.570793 2025] [:error] [pid 1324874] [client 45.148.10.166:38386] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7k1uftky72f57E6I5D02AAAAE0"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.571298 2025] [:error] [pid 1324874] [client 45.148.10.166:38386] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "Z7k1uftky72f57E6I5D02AAAAE0"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.673862 2025] [:error] [pid 1324873] [client 45.148.10.166:38394] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7k1uSnGn57UX6drZcObBgAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.675045 2025] [:error] [pid 1324873] [client 45.148.10.166:38394] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7k1uSnGn57UX6drZcObBgAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.675548 2025] [:error] [pid 1324873] [client 45.148.10.166:38394] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "Z7k1uSnGn57UX6drZcObBgAAAEw"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.789143 2025] [:error] [pid 1324877] [client 45.148.10.166:38406] [client 45.148.10.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7k1ufEC0wnK7F1RxU-HmgAAAFA"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.790121 2025] [:error] [pid 1324877] [client 45.148.10.166:38406] [client 45.148.10.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7k1ufEC0wnK7F1RxU-HmgAAAFA"], referer: https://www.google.com/
[Sat Feb 22 03:26:01.790599 2025] [:error] [pid 1324877] [client 45.148.10.166:38406] [client 45.148.10.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "Z7k1ufEC0wnK7F1RxU-HmgAAAFA"], referer: https://www.google.com/
[Thu Feb 27 17:44:52.507671 2025] [:error] [pid 1444806] [client 18.133.175.70:46992] [client 18.133.175.70] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CWhPHy0mwrVDgsmeskGgAAAAE"]
[Thu Feb 27 17:44:52.509815 2025] [:error] [pid 1444806] [client 18.133.175.70:46992] [client 18.133.175.70] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CWhPHy0mwrVDgsmeskGgAAAAE"]
[Thu Feb 27 17:44:52.510120 2025] [:error] [pid 1444806] [client 18.133.175.70:46992] [client 18.133.175.70] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8CWhPHy0mwrVDgsmeskGgAAAAE"]
[Fri Feb 28 03:06:12.386877 2025] [authz_core:error] [pid 1466899] [client 139.59.132.8:39796] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Fri Feb 28 03:06:13.686790 2025] [:error] [pid 1466904] [client 139.59.132.8:39834] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z8EaFROUSWwdYIlHU629RAAAABE"]
[Fri Feb 28 03:06:13.687183 2025] [:error] [pid 1466904] [client 139.59.132.8:39834] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z8EaFROUSWwdYIlHU629RAAAABE"]
[Fri Feb 28 03:06:13.687472 2025] [:error] [pid 1466904] [client 139.59.132.8:39834] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "Z8EaFROUSWwdYIlHU629RAAAABE"]
[Fri Feb 28 03:06:13.919693 2025] [:error] [pid 1466905] [client 139.59.132.8:39836] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8EaFW-kRgrJBLrEjXat3QAAABI"]
[Fri Feb 28 03:06:13.920280 2025] [:error] [pid 1466905] [client 139.59.132.8:39836] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8EaFW-kRgrJBLrEjXat3QAAABI"]
[Fri Feb 28 03:06:13.920793 2025] [:error] [pid 1466905] [client 139.59.132.8:39836] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8EaFW-kRgrJBLrEjXat3QAAABI"]
[Fri Feb 28 03:06:14.049586 2025] [:error] [pid 1466906] [client 139.59.132.8:39840] [client 139.59.132.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8EaFh4xm1Q7gW45PFtR4gAAABM"]
[Fri Feb 28 03:06:14.050100 2025] [:error] [pid 1466906] [client 139.59.132.8:39840] [client 139.59.132.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8EaFh4xm1Q7gW45PFtR4gAAABM"]
[Fri Feb 28 03:06:14.050523 2025] [:error] [pid 1466906] [client 139.59.132.8:39840] [client 139.59.132.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8EaFh4xm1Q7gW45PFtR4gAAABM"]
[Fri Feb 28 13:03:45.293130 2025] [:error] [pid 1476118] [client 45.139.104.144:58037] [client 45.139.104.144] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8GmIfzVpr8WDVOYX7X9DgAAAAI"]
[Fri Feb 28 13:03:45.295246 2025] [:error] [pid 1476118] [client 45.139.104.144:58037] [client 45.139.104.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8GmIfzVpr8WDVOYX7X9DgAAAAI"]
[Fri Feb 28 13:03:45.295750 2025] [:error] [pid 1476118] [client 45.139.104.144:58037] [client 45.139.104.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8GmIfzVpr8WDVOYX7X9DgAAAAI"]
[Fri Feb 28 14:12:46.081055 2025] [:error] [pid 1466877] [client 45.139.104.144:61510] [client 45.139.104.144] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8G2TkU8r5yVdJl6pD3zgQAAAAE"]
[Fri Feb 28 14:12:46.081671 2025] [:error] [pid 1466877] [client 45.139.104.144:61510] [client 45.139.104.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8G2TkU8r5yVdJl6pD3zgQAAAAE"]
[Fri Feb 28 14:12:46.082160 2025] [:error] [pid 1466877] [client 45.139.104.144:61510] [client 45.139.104.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8G2TkU8r5yVdJl6pD3zgQAAAAE"]
[Fri Feb 28 18:48:00.880879 2025] [:error] [pid 1476120] [client 109.202.99.46:4475] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z8H20DCESQnWmicfTIXYoAAAAAQ"]
[Fri Feb 28 18:48:00.881311 2025] [:error] [pid 1476123] [client 109.202.99.46:40027] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".kube/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .kube/ found within REQUEST_FILENAME: /.kube/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z8H20Byipe9XPdczlyWEyQAAAA0"]
[Fri Feb 28 18:48:00.881836 2025] [:error] [pid 1476123] [client 109.202.99.46:40027] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z8H20Byipe9XPdczlyWEyQAAAA0"]
[Fri Feb 28 18:48:00.885856 2025] [:error] [pid 1476120] [client 109.202.99.46:4475] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z8H20DCESQnWmicfTIXYoAAAAAQ"]
[Fri Feb 28 18:48:00.886331 2025] [:error] [pid 1476120] [client 109.202.99.46:4475] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z8H20DCESQnWmicfTIXYoAAAAAQ"]
[Fri Feb 28 18:48:00.886758 2025] [:error] [pid 1476120] [client 109.202.99.46:4475] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "Z8H20DCESQnWmicfTIXYoAAAAAQ"]
[Fri Feb 28 18:48:00.887129 2025] [:error] [pid 1476123] [client 109.202.99.46:40027] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.kube/config"] [unique_id "Z8H20Byipe9XPdczlyWEyQAAAA0"]
[Fri Feb 28 18:48:01.036286 2025] [:error] [pid 1476133] [client 109.202.99.46:4933] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z8H20R2V6enmwJZ697UKhwAAAAY"]
[Fri Feb 28 18:48:01.036769 2025] [:error] [pid 1476133] [client 109.202.99.46:4933] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z8H20R2V6enmwJZ697UKhwAAAAY"]
[Fri Feb 28 18:48:01.037218 2025] [:error] [pid 1476133] [client 109.202.99.46:4933] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "Z8H20R2V6enmwJZ697UKhwAAAAY"]
[Fri Feb 28 18:48:01.037615 2025] [:error] [pid 1481124] [client 109.202.99.46:5343] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z8H20bRrIRJI0VNOvVeS_AAAAAI"]
[Fri Feb 28 18:48:01.040358 2025] [:error] [pid 1481124] [client 109.202.99.46:5343] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z8H20bRrIRJI0VNOvVeS_AAAAAI"]
[Fri Feb 28 18:48:01.040607 2025] [:error] [pid 1481124] [client 109.202.99.46:5343] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "Z8H20bRrIRJI0VNOvVeS_AAAAAI"]
[Fri Feb 28 18:48:01.094984 2025] [:error] [pid 1476123] [client 109.202.99.46:30273] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z8H20Ryipe9XPdczlyWEygAAAA0"]
[Fri Feb 28 18:48:01.095718 2025] [:error] [pid 1476123] [client 109.202.99.46:30273] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z8H20Ryipe9XPdczlyWEygAAAA0"]
[Fri Feb 28 18:48:01.096165 2025] [:error] [pid 1476123] [client 109.202.99.46:30273] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "Z8H20Ryipe9XPdczlyWEygAAAA0"]
[Fri Feb 28 18:48:01.098716 2025] [:error] [pid 1476120] [client 109.202.99.46:56245] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z8H20TCESQnWmicfTIXYoQAAAAQ"]
[Fri Feb 28 18:48:01.099348 2025] [:error] [pid 1476120] [client 109.202.99.46:56245] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z8H20TCESQnWmicfTIXYoQAAAAQ"]
[Fri Feb 28 18:48:01.099584 2025] [:error] [pid 1476127] [client 109.202.99.46:46261] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z8H20WqlysHRV2En9MqSNgAAABM"]
[Fri Feb 28 18:48:01.099639 2025] [:error] [pid 1476120] [client 109.202.99.46:56245] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "Z8H20TCESQnWmicfTIXYoQAAAAQ"]
[Fri Feb 28 18:48:01.100018 2025] [:error] [pid 1476127] [client 109.202.99.46:46261] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z8H20WqlysHRV2En9MqSNgAAABM"]
[Fri Feb 28 18:48:01.100300 2025] [:error] [pid 1476127] [client 109.202.99.46:46261] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "Z8H20WqlysHRV2En9MqSNgAAABM"]
[Fri Feb 28 18:48:01.158075 2025] [:error] [pid 1480593] [client 109.202.99.46:39041] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z8H20XNCEJtn7JWGH5sW4AAAAAE"]
[Fri Feb 28 18:48:01.158920 2025] [:error] [pid 1480593] [client 109.202.99.46:39041] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z8H20XNCEJtn7JWGH5sW4AAAAAE"]
[Fri Feb 28 18:48:01.159440 2025] [:error] [pid 1480593] [client 109.202.99.46:39041] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/authors.pwd"] [unique_id "Z8H20XNCEJtn7JWGH5sW4AAAAAE"]
[Fri Feb 28 18:48:01.261978 2025] [:error] [pid 1479161] [client 109.202.99.46:39809] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQgAAAAA"]
[Fri Feb 28 18:48:01.262345 2025] [:error] [pid 1479161] [client 109.202.99.46:39809] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQgAAAAA"]
[Fri Feb 28 18:48:01.262459 2025] [:error] [pid 1476133] [client 109.202.99.46:25497] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z8H20R2V6enmwJZ697UKiAAAAAY"]
[Fri Feb 28 18:48:01.262637 2025] [:error] [pid 1479161] [client 109.202.99.46:39809] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQgAAAAA"]
[Fri Feb 28 18:48:01.262946 2025] [:error] [pid 1476133] [client 109.202.99.46:25497] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z8H20R2V6enmwJZ697UKiAAAAAY"]
[Fri Feb 28 18:48:01.263189 2025] [:error] [pid 1476133] [client 109.202.99.46:25497] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "Z8H20R2V6enmwJZ697UKiAAAAAY"]
[Fri Feb 28 18:48:01.384443 2025] [:error] [pid 1476123] [client 109.202.99.46:8073] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8H20Ryipe9XPdczlyWEywAAAA0"]
[Fri Feb 28 18:48:01.384910 2025] [:error] [pid 1476123] [client 109.202.99.46:8073] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8H20Ryipe9XPdczlyWEywAAAA0"]
[Fri Feb 28 18:48:01.385339 2025] [:error] [pid 1476123] [client 109.202.99.46:8073] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8H20Ryipe9XPdczlyWEywAAAA0"]
[Fri Feb 28 18:48:01.509055 2025] [:error] [pid 1481124] [client 109.202.99.46:52259] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z8H20bRrIRJI0VNOvVeS_gAAAAI"]
[Fri Feb 28 18:48:01.509501 2025] [:error] [pid 1481124] [client 109.202.99.46:52259] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z8H20bRrIRJI0VNOvVeS_gAAAAI"]
[Fri Feb 28 18:48:01.510013 2025] [:error] [pid 1481124] [client 109.202.99.46:52259] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "Z8H20bRrIRJI0VNOvVeS_gAAAAI"]
[Fri Feb 28 18:48:01.528287 2025] [:error] [pid 1476127] [client 109.202.99.46:2311] [client 109.202.99.46] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8H20WqlysHRV2En9MqSNwAAABM"]
[Fri Feb 28 18:48:01.528642 2025] [:error] [pid 1476127] [client 109.202.99.46:2311] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8H20WqlysHRV2En9MqSNwAAABM"]
[Fri Feb 28 18:48:01.528970 2025] [:error] [pid 1476127] [client 109.202.99.46:2311] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8H20WqlysHRV2En9MqSNwAAABM"]
[Fri Feb 28 18:48:01.600981 2025] [:error] [pid 1476129] [client 109.202.99.46:43473] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z8H20YCdZPxDnpkaQ2iWJQAAABU"]
[Fri Feb 28 18:48:01.601194 2025] [:error] [pid 1476129] [client 109.202.99.46:43473] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z8H20YCdZPxDnpkaQ2iWJQAAABU"]
[Fri Feb 28 18:48:01.601358 2025] [:error] [pid 1476129] [client 109.202.99.46:43473] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "Z8H20YCdZPxDnpkaQ2iWJQAAABU"]
[Fri Feb 28 18:48:01.603688 2025] [:error] [pid 1479161] [client 109.202.99.46:59937] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQwAAAAA"]
[Fri Feb 28 18:48:01.603942 2025] [:error] [pid 1479161] [client 109.202.99.46:59937] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQwAAAAA"]
[Fri Feb 28 18:48:01.604098 2025] [:error] [pid 1479161] [client 109.202.99.46:59937] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "Z8H20ZJjYMm3B8zm0f7eQwAAAAA"]
[Fri Feb 28 18:48:01.665810 2025] [authz_core:error] [pid 1476120] [client 109.202.99.46:59625] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Fri Feb 28 18:48:01.665875 2025] [:error] [pid 1480593] [client 109.202.99.46:43539] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z8H20XNCEJtn7JWGH5sW4gAAAAE"]
[Fri Feb 28 18:48:01.672785 2025] [:error] [pid 1480593] [client 109.202.99.46:43539] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z8H20XNCEJtn7JWGH5sW4gAAAAE"]
[Fri Feb 28 18:48:01.673289 2025] [:error] [pid 1480593] [client 109.202.99.46:43539] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z8H20XNCEJtn7JWGH5sW4gAAAAE"]
[Fri Feb 28 18:48:01.684143 2025] [:error] [pid 1476126] [client 109.202.99.46:39745] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z8H20Z4u_DKDUGSzN9puMQAAABI"]
[Fri Feb 28 18:48:01.684516 2025] [:error] [pid 1476126] [client 109.202.99.46:39745] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z8H20Z4u_DKDUGSzN9puMQAAABI"]
[Fri Feb 28 18:48:01.684736 2025] [:error] [pid 1476126] [client 109.202.99.46:39745] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "Z8H20Z4u_DKDUGSzN9puMQAAABI"]
[Fri Feb 28 18:48:01.701288 2025] [:error] [pid 1481698] [client 109.202.99.46:27327] [client 109.202.99.46] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z8H20RkxPVxTdJ2bfUGE3wAAAAM"]
[Fri Feb 28 18:48:01.701720 2025] [:error] [pid 1481698] [client 109.202.99.46:27327] [client 109.202.99.46] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z8H20RkxPVxTdJ2bfUGE3wAAAAM"]
[Fri Feb 28 18:48:01.702190 2025] [:error] [pid 1481698] [client 109.202.99.46:27327] [client 109.202.99.46] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z8H20RkxPVxTdJ2bfUGE3wAAAAM"]
[Fri Feb 28 18:48:01.702796 2025] [:error] [pid 1481698] [client 109.202.99.46:27327] [client 109.202.99.46] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "Z8H20RkxPVxTdJ2bfUGE3wAAAAM"]
[Fri Feb 28 20:55:46.734931 2025] [:error] [pid 1481698] [client 213.209.143.233:57746] [client 213.209.143.233] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IUwhkxPVxTdJ2bfUGE5AAAAAM"]
[Fri Feb 28 20:55:46.735733 2025] [:error] [pid 1481698] [client 213.209.143.233:57746] [client 213.209.143.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IUwhkxPVxTdJ2bfUGE5AAAAAM"]
[Fri Feb 28 20:55:46.736196 2025] [:error] [pid 1481698] [client 213.209.143.233:57746] [client 213.209.143.233] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IUwhkxPVxTdJ2bfUGE5AAAAAM"]
[Fri Feb 28 22:34:58.585105 2025] [:error] [pid 1476123] [client 196.119.99.1:56503] [client 196.119.99.1] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IsAhyipe9XPdczlyWE2wAAAA0"]
[Fri Feb 28 22:34:58.585939 2025] [:error] [pid 1476123] [client 196.119.99.1:56503] [client 196.119.99.1] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IsAhyipe9XPdczlyWE2wAAAA0"]
[Fri Feb 28 22:34:58.586457 2025] [:error] [pid 1476123] [client 196.119.99.1:56503] [client 196.119.99.1] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8IsAhyipe9XPdczlyWE2wAAAA0"]
[Sat Mar 01 02:04:21.291695 2025] [:error] [pid 1486890] [client 34.16.246.72:53718] [client 34.16.246.72] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8JdFe7ClrLhPoDEqFxlPwAAAAE"]
[Sat Mar 01 02:04:21.292156 2025] [:error] [pid 1486890] [client 34.16.246.72:53718] [client 34.16.246.72] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8JdFe7ClrLhPoDEqFxlPwAAAAE"]
[Sat Mar 01 02:04:21.292684 2025] [:error] [pid 1486890] [client 34.16.246.72:53718] [client 34.16.246.72] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8JdFe7ClrLhPoDEqFxlPwAAAAE"]
[Sat Mar 01 09:21:06.175149 2025] [:error] [pid 1493081] [client 45.148.10.86:48948] [client 45.148.10.86] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8LDcutjTwdD1VS0fBKxKAAAAAw"]
[Sat Mar 01 09:21:06.175793 2025] [:error] [pid 1493081] [client 45.148.10.86:48948] [client 45.148.10.86] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8LDcutjTwdD1VS0fBKxKAAAAAw"]
[Sat Mar 01 09:21:06.176316 2025] [:error] [pid 1493081] [client 45.148.10.86:48948] [client 45.148.10.86] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8LDcutjTwdD1VS0fBKxKAAAAAw"]
[Sat Mar 01 16:18:19.853887 2025] [:error] [pid 1493089] [client 45.148.10.172:52424] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8MlO9_xBm5JReBJp8rnqAAAABQ"]
[Sat Mar 01 16:18:19.854623 2025] [:error] [pid 1493089] [client 45.148.10.172:52424] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8MlO9_xBm5JReBJp8rnqAAAABQ"]
[Sat Mar 01 16:18:19.855092 2025] [:error] [pid 1493089] [client 45.148.10.172:52424] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8MlO9_xBm5JReBJp8rnqAAAABQ"]
[Tue Mar 04 06:48:02.669549 2025] [:error] [pid 1554460] [client 45.148.10.80:40386] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8aUEmDA32NMZtVdg3_PxAAAAAY"]
[Tue Mar 04 06:48:02.671558 2025] [:error] [pid 1554460] [client 45.148.10.80:40386] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8aUEmDA32NMZtVdg3_PxAAAAAY"]
[Tue Mar 04 06:48:02.672139 2025] [:error] [pid 1554460] [client 45.148.10.80:40386] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8aUEmDA32NMZtVdg3_PxAAAAAY"]
[Tue Mar 04 22:05:45.724357 2025] [:error] [pid 1557262] [client 38.47.76.131:55214] [client 38.47.76.131] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8drKYIoHVO-z65fzLYlZgAAAAg"]
[Tue Mar 04 22:05:45.726662 2025] [:error] [pid 1563746] [client 38.47.76.131:55198] [client 38.47.76.131] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8drKWBWbF7llBrBIEWDEwAAAA0"]
[Tue Mar 04 22:05:45.727146 2025] [:error] [pid 1563746] [client 38.47.76.131:55198] [client 38.47.76.131] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8drKWBWbF7llBrBIEWDEwAAAA0"]
[Tue Mar 04 22:05:45.727417 2025] [:error] [pid 1563746] [client 38.47.76.131:55198] [client 38.47.76.131] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z8drKWBWbF7llBrBIEWDEwAAAA0"]
[Tue Mar 04 22:05:45.731198 2025] [:error] [pid 1563743] [client 38.47.76.131:55176] [client 38.47.76.131] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8drKTES_i3OHGJocrRt9gAAAAI"]
[Tue Mar 04 22:05:45.731434 2025] [:error] [pid 1563743] [client 38.47.76.131:55176] [client 38.47.76.131] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8drKTES_i3OHGJocrRt9gAAAAI"]
[Tue Mar 04 22:05:45.731650 2025] [:error] [pid 1563743] [client 38.47.76.131:55176] [client 38.47.76.131] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "Z8drKTES_i3OHGJocrRt9gAAAAI"]
[Tue Mar 04 22:05:45.731882 2025] [:error] [pid 1557262] [client 38.47.76.131:55214] [client 38.47.76.131] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8drKYIoHVO-z65fzLYlZgAAAAg"]
[Tue Mar 04 22:05:45.732174 2025] [:error] [pid 1557262] [client 38.47.76.131:55214] [client 38.47.76.131] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z8drKYIoHVO-z65fzLYlZgAAAAg"]
[Sun Mar 09 19:17:27.538721 2025] [:error] [pid 1661011] [client 45.148.10.237:48242] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN6PGLf7u63PDybKjNQAAAAM"]
[Sun Mar 09 19:17:27.539940 2025] [:error] [pid 1661011] [client 45.148.10.237:48242] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN6PGLf7u63PDybKjNQAAAAM"]
[Sun Mar 09 19:17:27.540190 2025] [:error] [pid 1661011] [client 45.148.10.237:48242] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z83bN6PGLf7u63PDybKjNQAAAAM"]
[Sun Mar 09 19:17:27.731740 2025] [:error] [pid 1661024] [client 45.148.10.237:48300] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN4j7A5zkImPzPl8TXAAAAAU"]
[Sun Mar 09 19:17:27.732036 2025] [:error] [pid 1661024] [client 45.148.10.237:48300] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN4j7A5zkImPzPl8TXAAAAAU"]
[Sun Mar 09 19:17:27.732285 2025] [:error] [pid 1661024] [client 45.148.10.237:48300] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "Z83bN4j7A5zkImPzPl8TXAAAAAU"]
[Sun Mar 09 19:17:28.153256 2025] [:error] [pid 1661339] [client 45.148.10.237:48488] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOAictaUf718xO-joQQAAAAo"]
[Sun Mar 09 19:17:28.153520 2025] [:error] [pid 1661339] [client 45.148.10.237:48488] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOAictaUf718xO-joQQAAAAo"]
[Sun Mar 09 19:17:28.153695 2025] [:error] [pid 1661339] [client 45.148.10.237:48488] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "Z83bOAictaUf718xO-joQQAAAAo"]
[Sun Mar 09 19:17:28.312841 2025] [:error] [pid 1661337] [client 45.148.10.237:48508] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiAAAAAg"]
[Sun Mar 09 19:17:28.313078 2025] [:error] [pid 1661337] [client 45.148.10.237:48508] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiAAAAAg"]
[Sun Mar 09 19:17:28.313243 2025] [:error] [pid 1661337] [client 45.148.10.237:48508] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "Z83bOEDqCpAfbNQ_tz1tiAAAAAg"]
[Sun Mar 09 19:17:28.401727 2025] [:error] [pid 1661011] [client 45.148.10.237:48560] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOAAAAAM"]
[Sun Mar 09 19:17:28.401958 2025] [:error] [pid 1661011] [client 45.148.10.237:48560] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOAAAAAM"]
[Sun Mar 09 19:17:28.402121 2025] [:error] [pid 1661011] [client 45.148.10.237:48560] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOAAAAAM"]
[Sun Mar 09 19:17:28.604511 2025] [:error] [pid 1661335] [client 45.148.10.237:48600] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbcAAAAAY"]
[Sun Mar 09 19:17:28.605082 2025] [:error] [pid 1661335] [client 45.148.10.237:48600] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbcAAAAAY"]
[Sun Mar 09 19:17:28.605525 2025] [:error] [pid 1661335] [client 45.148.10.237:48600] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "Z83bOBEUyzvDVC1ZEqXbcAAAAAY"]
[Sun Mar 09 19:17:28.712637 2025] [:error] [pid 1661338] [client 45.148.10.237:48664] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1gAAAAk"]
[Sun Mar 09 19:17:28.713268 2025] [:error] [pid 1661338] [client 45.148.10.237:48664] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1gAAAAk"]
[Sun Mar 09 19:17:28.713689 2025] [:error] [pid 1661338] [client 45.148.10.237:48664] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "Z83bODEULeXBn1nuAGnm1gAAAAk"]
[Sun Mar 09 19:17:28.811412 2025] [:error] [pid 1661011] [client 45.148.10.237:48700] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOgAAAAM"]
[Sun Mar 09 19:17:28.812194 2025] [:error] [pid 1661011] [client 45.148.10.237:48700] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOgAAAAM"]
[Sun Mar 09 19:17:28.812818 2025] [:error] [pid 1661011] [client 45.148.10.237:48700] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "Z83bOKPGLf7u63PDybKjOgAAAAM"]
[Sun Mar 09 19:17:28.988944 2025] [:error] [pid 1661339] [client 45.148.10.237:48726] [client 45.148.10.237] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOAictaUf718xO-joRAAAAAo"]
[Sun Mar 09 19:17:28.989180 2025] [:error] [pid 1661339] [client 45.148.10.237:48726] [client 45.148.10.237] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOAictaUf718xO-joRAAAAAo"]
[Sun Mar 09 19:17:28.989352 2025] [:error] [pid 1661339] [client 45.148.10.237:48726] [client 45.148.10.237] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "Z83bOAictaUf718xO-joRAAAAAo"]
[Fri Mar 14 04:18:00.288787 2025] [:error] [pid 1768895] [client 65.109.173.89:40576] [client 65.109.173.89] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Of6HMzs1Kxf2B1xt7o6wAAAAU"]
[Fri Mar 14 04:18:00.290506 2025] [:error] [pid 1768895] [client 65.109.173.89:40576] [client 65.109.173.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Of6HMzs1Kxf2B1xt7o6wAAAAU"]
[Fri Mar 14 04:18:00.291007 2025] [:error] [pid 1768895] [client 65.109.173.89:40576] [client 65.109.173.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Of6HMzs1Kxf2B1xt7o6wAAAAU"]
[Fri Mar 14 22:30:31.278943 2025] [:error] [pid 1783510] [client 65.109.173.89:43064] [client 65.109.173.89] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Sf97PWOKp5lg1HVIYE9QAAAAA"]
[Fri Mar 14 22:30:31.279293 2025] [:error] [pid 1783510] [client 65.109.173.89:43064] [client 65.109.173.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Sf97PWOKp5lg1HVIYE9QAAAAA"]
[Fri Mar 14 22:30:31.279633 2025] [:error] [pid 1783510] [client 65.109.173.89:43064] [client 65.109.173.89] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9Sf97PWOKp5lg1HVIYE9QAAAAA"]
[Mon Mar 17 15:21:29.201028 2025] [:error] [pid 1841877] [client 45.148.10.172:37198] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z9gv6fYlk3w5aBheRYi8_gAAABI"]
[Mon Mar 17 15:21:29.203258 2025] [:error] [pid 1841877] [client 45.148.10.172:37198] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z9gv6fYlk3w5aBheRYi8_gAAABI"]
[Mon Mar 17 15:21:29.203701 2025] [:error] [pid 1841877] [client 45.148.10.172:37198] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "Z9gv6fYlk3w5aBheRYi8_gAAABI"]
[Wed Mar 19 17:14:35.366425 2025] [:error] [pid 1876131] [client 45.148.10.98:51228] [client 45.148.10.98] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9rta8An1vg49ITh9cFxSwAAAAM"]
[Wed Mar 19 17:14:35.367944 2025] [:error] [pid 1876131] [client 45.148.10.98:51228] [client 45.148.10.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9rta8An1vg49ITh9cFxSwAAAAM"]
[Wed Mar 19 17:14:35.368264 2025] [:error] [pid 1876131] [client 45.148.10.98:51228] [client 45.148.10.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z9rta8An1vg49ITh9cFxSwAAAAM"]
[Mon Mar 24 09:38:09.845595 2025] [:error] [pid 1985765] [client 103.102.230.8:47148] [client 103.102.230.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-EZ8XFGH9-It8Dpdmx4tgAAAAc"]
[Mon Mar 24 09:38:09.847003 2025] [:error] [pid 1985765] [client 103.102.230.8:47148] [client 103.102.230.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-EZ8XFGH9-It8Dpdmx4tgAAAAc"]
[Mon Mar 24 09:38:09.847186 2025] [:error] [pid 1985765] [client 103.102.230.8:47148] [client 103.102.230.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-EZ8XFGH9-It8Dpdmx4tgAAAAc"]
[Tue Mar 25 06:37:58.465930 2025] [:error] [pid 2005897] [client 103.102.230.8:36640] [client 103.102.230.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-JBNrOOLCKK9zwYnfZf4AAAAAY"]
[Tue Mar 25 06:37:58.466364 2025] [:error] [pid 2005897] [client 103.102.230.8:36640] [client 103.102.230.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-JBNrOOLCKK9zwYnfZf4AAAAAY"]
[Tue Mar 25 06:37:58.466631 2025] [:error] [pid 2005897] [client 103.102.230.8:36640] [client 103.102.230.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-JBNrOOLCKK9zwYnfZf4AAAAAY"]
[Wed Mar 26 00:27:50.289571 2025] [:error] [pid 2025029] [client 45.148.10.80:56392] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-M79gpHULSMvbFaZGrpgQAAAAo"]
[Wed Mar 26 00:27:50.289930 2025] [:error] [pid 2025029] [client 45.148.10.80:56392] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-M79gpHULSMvbFaZGrpgQAAAAo"]
[Wed Mar 26 00:27:50.290087 2025] [:error] [pid 2025029] [client 45.148.10.80:56392] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-M79gpHULSMvbFaZGrpgQAAAAo"]
[Sat Mar 29 17:39:10.066442 2025] [:error] [pid 2106540] [client 34.221.111.118:60854] [client 34.221.111.118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-giLkEEMuoW1Z_Ry8_ZYgAAAAQ"]
[Sat Mar 29 17:39:10.067987 2025] [:error] [pid 2106540] [client 34.221.111.118:60854] [client 34.221.111.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-giLkEEMuoW1Z_Ry8_ZYgAAAAQ"]
[Sat Mar 29 17:39:10.068193 2025] [:error] [pid 2106540] [client 34.221.111.118:60854] [client 34.221.111.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-giLkEEMuoW1Z_Ry8_ZYgAAAAQ"]
[Sun Mar 30 09:45:40.804733 2025] [:error] [pid 2125893] [client 18.116.162.27:46426] [client 18.116.162.27] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-j2pGUvy7xCRhR0YxA9BwAAAAE"]
[Sun Mar 30 09:45:40.805110 2025] [:error] [pid 2125893] [client 18.116.162.27:46426] [client 18.116.162.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-j2pGUvy7xCRhR0YxA9BwAAAAE"]
[Sun Mar 30 09:45:40.805283 2025] [:error] [pid 2125893] [client 18.116.162.27:46426] [client 18.116.162.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z-j2pGUvy7xCRhR0YxA9BwAAAAE"]
[Thu Apr 03 10:32:51.593705 2025] [:error] [pid 2225861] [client 179.43.188.122:35362] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuAAAAAE"]
[Thu Apr 03 10:32:51.593978 2025] [:error] [pid 2225860] [client 179.43.188.122:35390] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /logs/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9AAAAAA"]
[Thu Apr 03 10:32:51.596185 2025] [:error] [pid 2225860] [client 179.43.188.122:35390] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9AAAAAA"]
[Thu Apr 03 10:32:51.596193 2025] [:error] [pid 2225861] [client 179.43.188.122:35362] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuAAAAAE"]
[Thu Apr 03 10:32:51.596373 2025] [:error] [pid 2225860] [client 179.43.188.122:35390] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9AAAAAA"]
[Thu Apr 03 10:32:51.596420 2025] [:error] [pid 2225861] [client 179.43.188.122:35362] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuAAAAAE"]
[Thu Apr 03 10:32:51.594351 2025] [:error] [pid 2225865] [client 179.43.188.122:35378] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z-5HswMPUQy-dabMHTz_LAAAAAU"]
[Thu Apr 03 10:32:51.596685 2025] [:error] [pid 2225865] [client 179.43.188.122:35378] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z-5HswMPUQy-dabMHTz_LAAAAAU"]
[Thu Apr 03 10:32:51.596858 2025] [:error] [pid 2225865] [client 179.43.188.122:35378] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "Z-5HswMPUQy-dabMHTz_LAAAAAU"]
[Thu Apr 03 10:32:51.630191 2025] [:error] [pid 2226227] [client 179.43.188.122:35336] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /test/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z-5Hs3AgicyW8cXPpq5TFgAAAAY"]
[Thu Apr 03 10:32:51.630424 2025] [:error] [pid 2226227] [client 179.43.188.122:35336] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z-5Hs3AgicyW8cXPpq5TFgAAAAY"]
[Thu Apr 03 10:32:51.630588 2025] [:error] [pid 2226227] [client 179.43.188.122:35336] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.git/config"] [unique_id "Z-5Hs3AgicyW8cXPpq5TFgAAAAY"]
[Thu Apr 03 10:32:51.643780 2025] [:error] [pid 2225864] [client 179.43.188.122:35348] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backend/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z-5Hs1SO4QAJxS15OpFMRgAAAAQ"]
[Thu Apr 03 10:32:51.643980 2025] [:error] [pid 2225864] [client 179.43.188.122:35348] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z-5Hs1SO4QAJxS15OpFMRgAAAAQ"]
[Thu Apr 03 10:32:51.644128 2025] [:error] [pid 2225864] [client 179.43.188.122:35348] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.git/config"] [unique_id "Z-5Hs1SO4QAJxS15OpFMRgAAAAQ"]
[Thu Apr 03 10:32:51.677362 2025] [:error] [pid 2232066] [client 179.43.188.122:35450] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /public/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z-5Hs_NXIxfzGLZjKc_SMwAAAAk"]
[Thu Apr 03 10:32:51.677362 2025] [:error] [pid 2232065] [client 179.43.188.122:35418] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /source/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "Z-5HswCafeVT-9JQzsd2UgAAAAg"]
[Thu Apr 03 10:32:51.677633 2025] [:error] [pid 2232065] [client 179.43.188.122:35418] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "Z-5HswCafeVT-9JQzsd2UgAAAAg"]
[Thu Apr 03 10:32:51.677633 2025] [:error] [pid 2232066] [client 179.43.188.122:35450] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z-5Hs_NXIxfzGLZjKc_SMwAAAAk"]
[Thu Apr 03 10:32:51.677807 2025] [:error] [pid 2232066] [client 179.43.188.122:35450] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.git/config"] [unique_id "Z-5Hs_NXIxfzGLZjKc_SMwAAAAk"]
[Thu Apr 03 10:32:51.677825 2025] [:error] [pid 2232065] [client 179.43.188.122:35418] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.git/config"] [unique_id "Z-5HswCafeVT-9JQzsd2UgAAAAg"]
[Thu Apr 03 10:32:51.826692 2025] [:error] [pid 2225863] [client 179.43.188.122:35322] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z-5Hs3_ekhdthWt3CWxYIwAAAAM"]
[Thu Apr 03 10:32:51.826955 2025] [:error] [pid 2225863] [client 179.43.188.122:35322] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z-5Hs3_ekhdthWt3CWxYIwAAAAM"]
[Thu Apr 03 10:32:51.827137 2025] [:error] [pid 2225863] [client 179.43.188.122:35322] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js../.git/config"] [unique_id "Z-5Hs3_ekhdthWt3CWxYIwAAAAM"]
[Thu Apr 03 10:32:51.994831 2025] [:error] [pid 2225861] [client 179.43.188.122:35460] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /old/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuQAAAAE"]
[Thu Apr 03 10:32:51.995065 2025] [:error] [pid 2225861] [client 179.43.188.122:35460] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuQAAAAE"]
[Thu Apr 03 10:32:51.995224 2025] [:error] [pid 2225861] [client 179.43.188.122:35460] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.git/config"] [unique_id "Z-5Hs9V-m7aWJjgpDgGIuQAAAAE"]
[Thu Apr 03 10:32:51.995710 2025] [:error] [pid 2232064] [client 179.43.188.122:35406] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z-5Hs5PD7w9aYE3sdgKGpwAAAAc"]
[Thu Apr 03 10:32:51.996099 2025] [:error] [pid 2232064] [client 179.43.188.122:35406] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z-5Hs5PD7w9aYE3sdgKGpwAAAAc"]
[Thu Apr 03 10:32:51.996331 2025] [:error] [pid 2232064] [client 179.43.188.122:35406] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.git/config"] [unique_id "Z-5Hs5PD7w9aYE3sdgKGpwAAAAc"]
[Thu Apr 03 10:32:52.000014 2025] [:error] [pid 2225860] [client 179.43.188.122:41210] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9QAAAAA"]
[Thu Apr 03 10:32:52.000215 2025] [:error] [pid 2225860] [client 179.43.188.122:41210] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9QAAAAA"]
[Thu Apr 03 10:32:52.000361 2025] [:error] [pid 2225860] [client 179.43.188.122:41210] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "Z-5Hs42ek4pGUD-a5LdS9QAAAAA"]
[Thu Apr 03 10:32:52.068736 2025] [:error] [pid 2225865] [client 179.43.188.122:35432] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /lib/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z-5HtAMPUQy-dabMHTz_LQAAAAU"]
[Thu Apr 03 10:32:52.068960 2025] [:error] [pid 2225865] [client 179.43.188.122:35432] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z-5HtAMPUQy-dabMHTz_LQAAAAU"]
[Thu Apr 03 10:32:52.069129 2025] [:error] [pid 2225865] [client 179.43.188.122:35432] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.git/config"] [unique_id "Z-5HtAMPUQy-dabMHTz_LQAAAAU"]
[Thu Apr 03 10:32:52.079300 2025] [:error] [pid 2226227] [client 179.43.188.122:41216] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z-5HtHAgicyW8cXPpq5TFwAAAAY"]
[Thu Apr 03 10:32:52.079550 2025] [:error] [pid 2226227] [client 179.43.188.122:41216] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z-5HtHAgicyW8cXPpq5TFwAAAAY"]
[Thu Apr 03 10:32:52.079697 2025] [:error] [pid 2226227] [client 179.43.188.122:41216] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "Z-5HtHAgicyW8cXPpq5TFwAAAAY"]
[Thu Apr 03 10:32:52.243707 2025] [:error] [pid 2225862] [client 179.43.188.122:35316] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /staging/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z-5HtChOaRic_LV-iEEITQAAAAI"]
[Thu Apr 03 10:32:52.243934 2025] [:error] [pid 2225862] [client 179.43.188.122:35316] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z-5HtChOaRic_LV-iEEITQAAAAI"]
[Thu Apr 03 10:32:52.244198 2025] [:error] [pid 2225862] [client 179.43.188.122:35316] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.git/config"] [unique_id "Z-5HtChOaRic_LV-iEEITQAAAAI"]
[Thu Apr 03 10:32:54.689507 2025] [:error] [pid 2232065] [client 179.43.188.122:41242] [client 179.43.188.122] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /panel/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z-5HtgCafeVT-9JQzsd2UwAAAAg"]
[Thu Apr 03 10:32:54.689751 2025] [:error] [pid 2232065] [client 179.43.188.122:41242] [client 179.43.188.122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z-5HtgCafeVT-9JQzsd2UwAAAAg"]
[Thu Apr 03 10:32:54.689908 2025] [:error] [pid 2232065] [client 179.43.188.122:41242] [client 179.43.188.122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.git/config"] [unique_id "Z-5HtgCafeVT-9JQzsd2UwAAAAg"]
[Sat Apr 05 11:11:59.779270 2025] [:error] [pid 2270269] [client 194.163.152.77:45768] [client 194.163.152.77] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_Dz34ekNXxRXncrShKmAQAAAAM"]
[Sat Apr 05 11:11:59.781187 2025] [:error] [pid 2270269] [client 194.163.152.77:45768] [client 194.163.152.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_Dz34ekNXxRXncrShKmAQAAAAM"]
[Sat Apr 05 11:11:59.781395 2025] [:error] [pid 2270269] [client 194.163.152.77:45768] [client 194.163.152.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_Dz34ekNXxRXncrShKmAQAAAAM"]
[Sat Apr 05 22:57:30.462492 2025] [:error] [pid 2279754] [client 194.163.152.77:52518] [client 194.163.152.77] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_GZOjA6y7Yce_1SthBlKwAAAAo"]
[Sat Apr 05 22:57:30.462774 2025] [:error] [pid 2279754] [client 194.163.152.77:52518] [client 194.163.152.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_GZOjA6y7Yce_1SthBlKwAAAAo"]
[Sat Apr 05 22:57:30.462960 2025] [:error] [pid 2279754] [client 194.163.152.77:52518] [client 194.163.152.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_GZOjA6y7Yce_1SthBlKwAAAAo"]
[Sun Apr 06 02:26:30.132905 2025] [:error] [pid 2289270] [client 194.163.152.77:50076] [client 194.163.152.77] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_HKNgy26e_3d_DtvxQeVQAAAAQ"]
[Sun Apr 06 02:26:30.133328 2025] [:error] [pid 2289270] [client 194.163.152.77:50076] [client 194.163.152.77] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_HKNgy26e_3d_DtvxQeVQAAAAQ"]
[Sun Apr 06 02:26:30.133528 2025] [:error] [pid 2289270] [client 194.163.152.77:50076] [client 194.163.152.77] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "Z_HKNgy26e_3d_DtvxQeVQAAAAQ"]
[Thu Apr 17 14:28:34.552272 2025] [:error] [pid 2531526] [client 45.148.10.80:49740] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aADz8jKJ7Z3VYrbUKLBIhAAAAAc"]
[Thu Apr 17 14:28:34.553790 2025] [:error] [pid 2531526] [client 45.148.10.80:49740] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aADz8jKJ7Z3VYrbUKLBIhAAAAAc"]
[Thu Apr 17 14:28:34.553987 2025] [:error] [pid 2531526] [client 45.148.10.80:49740] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aADz8jKJ7Z3VYrbUKLBIhAAAAAc"]
[Fri Apr 18 00:54:34.608364 2025] [:error] [pid 2549453] [client 45.130.203.184:57359] [client 45.130.203.184] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aAGGqo9VBMmTUQf1uA4dcAAAAAA"]
[Fri Apr 18 00:54:34.608656 2025] [:error] [pid 2549453] [client 45.130.203.184:57359] [client 45.130.203.184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aAGGqo9VBMmTUQf1uA4dcAAAAAA"]
[Fri Apr 18 00:54:34.608868 2025] [:error] [pid 2549453] [client 45.130.203.184:57359] [client 45.130.203.184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aAGGqo9VBMmTUQf1uA4dcAAAAAA"]
[Sun Apr 20 05:47:11.692765 2025] [:error] [pid 2599012] [client 45.130.203.230:58297] [client 45.130.203.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuP7kRSM_wWuOY-YzxKwAAAA4"]
[Sun Apr 20 05:47:11.694282 2025] [:error] [pid 2599012] [client 45.130.203.230:58297] [client 45.130.203.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuP7kRSM_wWuOY-YzxKwAAAA4"]
[Sun Apr 20 05:47:11.694492 2025] [:error] [pid 2599012] [client 45.130.203.230:58297] [client 45.130.203.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuP7kRSM_wWuOY-YzxKwAAAA4"]
[Sun Apr 20 05:47:11.804567 2025] [:error] [pid 2597529] [client 45.130.203.182:40675] [client 45.130.203.182] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuPwZGKWoSh0bB6I5KQAAAAAA"]
[Sun Apr 20 05:47:11.804900 2025] [:error] [pid 2597529] [client 45.130.203.182:40675] [client 45.130.203.182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuPwZGKWoSh0bB6I5KQAAAAAA"]
[Sun Apr 20 05:47:11.805153 2025] [:error] [pid 2597529] [client 45.130.203.182:40675] [client 45.130.203.182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aARuPwZGKWoSh0bB6I5KQAAAAAA"]
[Sun Apr 20 20:51:27.315420 2025] [:error] [pid 2599010] [client 93.123.109.75:63539] [client 93.123.109.75] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAVCL3NuewUkVloE_4FcyAAAAA0"]
[Sun Apr 20 20:51:27.315712 2025] [:error] [pid 2599010] [client 93.123.109.75:63539] [client 93.123.109.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAVCL3NuewUkVloE_4FcyAAAAA0"]
[Sun Apr 20 20:51:27.315913 2025] [:error] [pid 2599010] [client 93.123.109.75:63539] [client 93.123.109.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAVCL3NuewUkVloE_4FcyAAAAA0"]
[Mon Apr 21 15:51:38.470620 2025] [:error] [pid 2618015] [client 93.123.109.108:59441] [client 93.123.109.108] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAZNamRxuKR-dqH02HGnPwAAAAY"]
[Mon Apr 21 15:51:38.471028 2025] [:error] [pid 2618015] [client 93.123.109.108:59441] [client 93.123.109.108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAZNamRxuKR-dqH02HGnPwAAAAY"]
[Mon Apr 21 15:51:38.471287 2025] [:error] [pid 2618015] [client 93.123.109.108:59441] [client 93.123.109.108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAZNamRxuKR-dqH02HGnPwAAAAY"]
[Wed Apr 23 16:18:01.397660 2025] [:error] [pid 2662069] [client 87.251.78.138:60865] [client 87.251.78.138] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aAj2mchsWZ4ncGg2qoFetgAAAAU"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Wed Apr 23 16:18:01.398830 2025] [:error] [pid 2662069] [client 87.251.78.138:60865] [client 87.251.78.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aAj2mchsWZ4ncGg2qoFetgAAAAU"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Wed Apr 23 16:18:01.399061 2025] [:error] [pid 2662069] [client 87.251.78.138:60865] [client 87.251.78.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aAj2mchsWZ4ncGg2qoFetgAAAAU"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Wed Apr 23 21:54:39.533434 2025] [:error] [pid 2680527] [client 79.124.58.138:44469] [client 79.124.58.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlFf_jnPF-Pgc6ocdtuqgAAAAk"]
[Wed Apr 23 21:54:39.533642 2025] [:error] [pid 2680527] [client 79.124.58.138:44469] [client 79.124.58.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlFf_jnPF-Pgc6ocdtuqgAAAAk"]
[Wed Apr 23 21:54:39.533824 2025] [:error] [pid 2680527] [client 79.124.58.138:44469] [client 79.124.58.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlFf_jnPF-Pgc6ocdtuqgAAAAk"]
[Wed Apr 23 22:18:14.795710 2025] [:error] [pid 2663016] [client 93.123.109.107:59113] [client 93.123.109.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlLBjm79ZuajFcnEgRb3QAAAAg"]
[Wed Apr 23 22:18:14.796007 2025] [:error] [pid 2663016] [client 93.123.109.107:59113] [client 93.123.109.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlLBjm79ZuajFcnEgRb3QAAAAg"]
[Wed Apr 23 22:18:14.796198 2025] [:error] [pid 2663016] [client 93.123.109.107:59113] [client 93.123.109.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAlLBjm79ZuajFcnEgRb3QAAAAg"]
[Thu Apr 24 02:52:04.538488 2025] [:error] [pid 2693102] [client 51.44.6.95:56556] [client 51.44.6.95] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aAmLNHXmUuknoiTgBDAlbQAAAAU"]
[Thu Apr 24 02:52:04.538774 2025] [:error] [pid 2693102] [client 51.44.6.95:56556] [client 51.44.6.95] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aAmLNHXmUuknoiTgBDAlbQAAAAU"]
[Thu Apr 24 02:52:04.538942 2025] [:error] [pid 2693102] [client 51.44.6.95:56556] [client 51.44.6.95] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aAmLNHXmUuknoiTgBDAlbQAAAAU"]
[Thu Apr 24 21:14:13.091046 2025] [:error] [pid 2695497] [client 93.123.109.107:51931] [client 93.123.109.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAqNhYz30Bn5fhF9CFq94QAAAAA"]
[Thu Apr 24 21:14:13.091300 2025] [:error] [pid 2695497] [client 93.123.109.107:51931] [client 93.123.109.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAqNhYz30Bn5fhF9CFq94QAAAAA"]
[Thu Apr 24 21:14:13.091483 2025] [:error] [pid 2695497] [client 93.123.109.107:51931] [client 93.123.109.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAqNhYz30Bn5fhF9CFq94QAAAAA"]
[Fri Apr 25 09:37:46.231561 2025] [:error] [pid 2716972] [client 93.123.109.107:58189] [client 93.123.109.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAs7yqaVgsYLhgYx1yfFPgAAAAU"]
[Fri Apr 25 09:37:46.231849 2025] [:error] [pid 2716972] [client 93.123.109.107:58189] [client 93.123.109.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAs7yqaVgsYLhgYx1yfFPgAAAAU"]
[Fri Apr 25 09:37:46.232048 2025] [:error] [pid 2716972] [client 93.123.109.107:58189] [client 93.123.109.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aAs7yqaVgsYLhgYx1yfFPgAAAAU"]
[Tue Apr 29 05:49:28.361831 2025] [authz_core:error] [pid 2806339] [client 142.93.143.8:42170] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Tue Apr 29 05:49:28.688552 2025] [:error] [pid 2806341] [client 142.93.143.8:42202] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaAAAAAc"]
[Tue Apr 29 05:49:28.688777 2025] [:error] [pid 2806341] [client 142.93.143.8:42202] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaAAAAAc"]
[Tue Apr 29 05:49:28.688959 2025] [:error] [pid 2806341] [client 142.93.143.8:42202] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaAAAAAc"]
[Tue Apr 29 05:49:28.798278 2025] [:error] [pid 2806367] [client 142.93.143.8:42210] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBMSJ60OFMj0jMB4s_U6gAAAAE"]
[Tue Apr 29 05:49:28.798505 2025] [:error] [pid 2806367] [client 142.93.143.8:42210] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBMSJ60OFMj0jMB4s_U6gAAAAE"]
[Tue Apr 29 05:49:28.798675 2025] [:error] [pid 2806367] [client 142.93.143.8:42210] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBBMSJ60OFMj0jMB4s_U6gAAAAE"]
[Tue Apr 29 05:49:28.885329 2025] [:error] [pid 2806341] [client 142.93.143.8:42226] [client 142.93.143.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaQAAAAc"]
[Tue Apr 29 05:49:28.885563 2025] [:error] [pid 2806341] [client 142.93.143.8:42226] [client 142.93.143.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaQAAAAc"]
[Tue Apr 29 05:49:28.885818 2025] [:error] [pid 2806341] [client 142.93.143.8:42226] [client 142.93.143.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBBMSN0gW0z_Vc1yvbVWaQAAAAc"]
[Wed Apr 30 02:52:49.294617 2025] [:error] [pid 2823131] [client 170.39.218.52:52378] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBF0YVTwedzwddDWA2bssgAAAAw"]
[Wed Apr 30 02:52:49.294937 2025] [:error] [pid 2823131] [client 170.39.218.52:52378] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBF0YVTwedzwddDWA2bssgAAAAw"]
[Wed Apr 30 02:52:49.295132 2025] [:error] [pid 2823131] [client 170.39.218.52:52378] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBF0YVTwedzwddDWA2bssgAAAAw"]
[Wed Apr 30 02:52:49.465625 2025] [:error] [pid 2823229] [client 170.39.218.52:52394] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBF0YYODVEUBu-uBffwzogAAAAI"]
[Wed Apr 30 02:52:49.465874 2025] [:error] [pid 2823229] [client 170.39.218.52:52394] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBF0YYODVEUBu-uBffwzogAAAAI"]
[Wed Apr 30 02:52:49.466052 2025] [:error] [pid 2823229] [client 170.39.218.52:52394] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBF0YYODVEUBu-uBffwzogAAAAI"]
[Wed Apr 30 02:52:49.671355 2025] [:error] [pid 2823128] [client 170.39.218.52:52410] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aBF0YVt16V4EMbTGcrSiAgAAAAk"]
[Wed Apr 30 02:52:49.671611 2025] [:error] [pid 2823128] [client 170.39.218.52:52410] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aBF0YVt16V4EMbTGcrSiAgAAAAk"]
[Wed Apr 30 02:52:49.671781 2025] [:error] [pid 2823128] [client 170.39.218.52:52410] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aBF0YVt16V4EMbTGcrSiAgAAAAk"]
[Wed Apr 30 02:52:54.769537 2025] [:error] [pid 2823951] [client 170.39.218.52:58556] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aBF0ZgR8rv_5nUFwDIw0dQAAAAM"]
[Wed Apr 30 02:52:54.769815 2025] [:error] [pid 2823951] [client 170.39.218.52:58556] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aBF0ZgR8rv_5nUFwDIw0dQAAAAM"]
[Wed Apr 30 02:52:54.769996 2025] [:error] [pid 2823951] [client 170.39.218.52:58556] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aBF0ZgR8rv_5nUFwDIw0dQAAAAM"]
[Wed Apr 30 02:52:56.506432 2025] [:error] [pid 2823127] [client 170.39.218.52:58620] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aBF0aHaO2jLeN9mwruRGcwAAAAA"]
[Wed Apr 30 02:52:56.506692 2025] [:error] [pid 2823127] [client 170.39.218.52:58620] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aBF0aHaO2jLeN9mwruRGcwAAAAA"]
[Wed Apr 30 02:52:56.506849 2025] [:error] [pid 2823127] [client 170.39.218.52:58620] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aBF0aHaO2jLeN9mwruRGcwAAAAA"]
[Wed Apr 30 02:52:56.710227 2025] [:error] [pid 2823130] [client 170.39.218.52:58624] [client 170.39.218.52] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBF0aGAsIAfn63WVULirSAAAAA8"]
[Wed Apr 30 02:52:56.710500 2025] [:error] [pid 2823130] [client 170.39.218.52:58624] [client 170.39.218.52] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBF0aGAsIAfn63WVULirSAAAAA8"]
[Wed Apr 30 02:52:56.710687 2025] [:error] [pid 2823130] [client 170.39.218.52:58624] [client 170.39.218.52] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBF0aGAsIAfn63WVULirSAAAAA8"]
[Wed Apr 30 12:32:29.251212 2025] [:error] [pid 2831142] [client 45.139.104.181:47504] [client 45.139.104.181] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBH8PamY7gES-hBp7Ev-zQAAAAY"]
[Wed Apr 30 12:32:29.251473 2025] [:error] [pid 2831142] [client 45.139.104.181:47504] [client 45.139.104.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBH8PamY7gES-hBp7Ev-zQAAAAY"]
[Wed Apr 30 12:32:29.251643 2025] [:error] [pid 2831142] [client 45.139.104.181:47504] [client 45.139.104.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBH8PamY7gES-hBp7Ev-zQAAAAY"]
[Wed Apr 30 14:00:23.811638 2025] [:error] [pid 2826732] [client 93.123.109.105:39232] [client 93.123.109.105] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBIQ1zBbeKN80EBOk2X6ZAAAAAM"]
[Wed Apr 30 14:00:23.811910 2025] [:error] [pid 2826732] [client 93.123.109.105:39232] [client 93.123.109.105] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBIQ1zBbeKN80EBOk2X6ZAAAAAM"]
[Wed Apr 30 14:00:23.812074 2025] [:error] [pid 2826732] [client 93.123.109.105:39232] [client 93.123.109.105] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBIQ1zBbeKN80EBOk2X6ZAAAAAM"]
[Sun May 04 15:16:46.884087 2025] [:error] [pid 2912448] [client 195.178.110.64:57926] [client 195.178.110.64] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBdovm8SHJtYYpgVqYEQJgAAAAc"]
[Sun May 04 15:16:46.887464 2025] [:error] [pid 2912448] [client 195.178.110.64:57926] [client 195.178.110.64] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBdovm8SHJtYYpgVqYEQJgAAAAc"]
[Sun May 04 15:16:46.887672 2025] [:error] [pid 2912448] [client 195.178.110.64:57926] [client 195.178.110.64] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBdovm8SHJtYYpgVqYEQJgAAAAc"]
[Tue May 06 06:27:20.517232 2025] [:error] [pid 2955375] [client 45.148.10.172:58606] [client 45.148.10.172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBmPqAbEQ7X-VfzoVezmagAAAAM"]
[Tue May 06 06:27:20.517583 2025] [:error] [pid 2955375] [client 45.148.10.172:58606] [client 45.148.10.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBmPqAbEQ7X-VfzoVezmagAAAAM"]
[Tue May 06 06:27:20.517753 2025] [:error] [pid 2955375] [client 45.148.10.172:58606] [client 45.148.10.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBmPqAbEQ7X-VfzoVezmagAAAAM"]
[Tue May 06 09:55:23.882895 2025] [:error] [pid 2955450] [client 45.148.10.98:47370] [client 45.148.10.98] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAawkYV-vARAMMZzPBuAAAAAU"]
[Tue May 06 09:55:23.883201 2025] [:error] [pid 2955450] [client 45.148.10.98:47370] [client 45.148.10.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAawkYV-vARAMMZzPBuAAAAAU"]
[Tue May 06 09:55:23.883358 2025] [:error] [pid 2955450] [client 45.148.10.98:47370] [client 45.148.10.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAawkYV-vARAMMZzPBuAAAAAU"]
[Tue May 06 09:56:43.068541 2025] [:error] [pid 2956770] [client 45.148.10.98:36076] [client 45.148.10.98] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAuwcy8aPU3YB-D8cX8gAAAAY"]
[Tue May 06 09:56:43.068820 2025] [:error] [pid 2956770] [client 45.148.10.98:36076] [client 45.148.10.98] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAuwcy8aPU3YB-D8cX8gAAAAY"]
[Tue May 06 09:56:43.068990 2025] [:error] [pid 2956770] [client 45.148.10.98:36076] [client 45.148.10.98] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBnAuwcy8aPU3YB-D8cX8gAAAAY"]
[Tue May 06 12:11:32.128196 2025] [:error] [pid 2955373] [client 18.234.179.136:36742] [client 18.234.179.136] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBngVFKLJB2pE0YkgEeaDwAAAAE"]
[Tue May 06 12:11:32.128478 2025] [:error] [pid 2955373] [client 18.234.179.136:36742] [client 18.234.179.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBngVFKLJB2pE0YkgEeaDwAAAAE"]
[Tue May 06 12:11:32.128649 2025] [:error] [pid 2955373] [client 18.234.179.136:36742] [client 18.234.179.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBngVFKLJB2pE0YkgEeaDwAAAAE"]
[Tue May 06 13:55:22.608466 2025] [:error] [pid 2955450] [client 45.139.104.181:54094] [client 45.139.104.181] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBn4qgkYV-vARAMMZzPBxQAAAAU"]
[Tue May 06 13:55:22.608753 2025] [:error] [pid 2955450] [client 45.139.104.181:54094] [client 45.139.104.181] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBn4qgkYV-vARAMMZzPBxQAAAAU"]
[Tue May 06 13:55:22.608950 2025] [:error] [pid 2955450] [client 45.139.104.181:54094] [client 45.139.104.181] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBn4qgkYV-vARAMMZzPBxQAAAAU"]
[Tue May 06 17:55:09.826872 2025] [:error] [pid 2955373] [client 196.251.72.127:45118] [client 196.251.72.127] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBow3VKLJB2pE0YkgEeaIAAAAAE"]
[Tue May 06 17:55:09.827172 2025] [:error] [pid 2955373] [client 196.251.72.127:45118] [client 196.251.72.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBow3VKLJB2pE0YkgEeaIAAAAAE"]
[Tue May 06 17:55:09.827355 2025] [:error] [pid 2955373] [client 196.251.72.127:45118] [client 196.251.72.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBow3VKLJB2pE0YkgEeaIAAAAAE"]
[Wed May 07 20:52:33.206379 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBur8a4g94IEkoEbleczoAAAAA4"]
[Wed May 07 20:52:33.207431 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBur8a4g94IEkoEbleczoAAAAA4"]
[Wed May 07 20:52:33.207609 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aBur8a4g94IEkoEbleczoAAAAA4"]
[Wed May 07 20:52:33.229604 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aBur8a4g94IEkoEbleczoQAAAA4"]
[Wed May 07 20:52:33.229835 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aBur8a4g94IEkoEbleczoQAAAA4"]
[Wed May 07 20:52:33.230023 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aBur8a4g94IEkoEbleczoQAAAA4"]
[Wed May 07 20:52:33.251927 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aBur8a4g94IEkoEbleczogAAAA4"]
[Wed May 07 20:52:33.252156 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aBur8a4g94IEkoEbleczogAAAA4"]
[Wed May 07 20:52:33.252330 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aBur8a4g94IEkoEbleczogAAAA4"]
[Wed May 07 20:52:33.297123 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aBur8a4g94IEkoEbleczpAAAAA4"]
[Wed May 07 20:52:33.297355 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aBur8a4g94IEkoEbleczpAAAAA4"]
[Wed May 07 20:52:33.297542 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aBur8a4g94IEkoEbleczpAAAAA4"]
[Wed May 07 20:52:33.319541 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBur8a4g94IEkoEbleczpQAAAA4"]
[Wed May 07 20:52:33.319791 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBur8a4g94IEkoEbleczpQAAAA4"]
[Wed May 07 20:52:33.319969 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aBur8a4g94IEkoEbleczpQAAAA4"]
[Wed May 07 20:52:33.341997 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aBur8a4g94IEkoEbleczpgAAAA4"]
[Wed May 07 20:52:33.342291 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aBur8a4g94IEkoEbleczpgAAAA4"]
[Wed May 07 20:52:33.342502 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aBur8a4g94IEkoEbleczpgAAAA4"]
[Wed May 07 20:52:33.364463 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aBur8a4g94IEkoEbleczpwAAAA4"]
[Wed May 07 20:52:33.364691 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aBur8a4g94IEkoEbleczpwAAAA4"]
[Wed May 07 20:52:33.364868 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aBur8a4g94IEkoEbleczpwAAAA4"]
[Wed May 07 20:52:33.387237 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBur8a4g94IEkoEbleczqAAAAA4"]
[Wed May 07 20:52:33.387493 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBur8a4g94IEkoEbleczqAAAAA4"]
[Wed May 07 20:52:33.387681 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aBur8a4g94IEkoEbleczqAAAAA4"]
[Wed May 07 20:52:33.432704 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aBur8a4g94IEkoEbleczqgAAAA4"]
[Wed May 07 20:52:33.432933 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aBur8a4g94IEkoEbleczqgAAAA4"]
[Wed May 07 20:52:33.433092 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aBur8a4g94IEkoEbleczqgAAAA4"]
[Wed May 07 20:52:33.455247 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aBur8a4g94IEkoEbleczqwAAAA4"]
[Wed May 07 20:52:33.455477 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aBur8a4g94IEkoEbleczqwAAAA4"]
[Wed May 07 20:52:33.455654 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aBur8a4g94IEkoEbleczqwAAAA4"]
[Wed May 07 20:52:33.477540 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aBur8a4g94IEkoEbleczrAAAAA4"]
[Wed May 07 20:52:33.477773 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aBur8a4g94IEkoEbleczrAAAAA4"]
[Wed May 07 20:52:33.477961 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aBur8a4g94IEkoEbleczrAAAAA4"]
[Wed May 07 20:52:33.499998 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aBur8a4g94IEkoEbleczrQAAAA4"]
[Wed May 07 20:52:33.500234 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aBur8a4g94IEkoEbleczrQAAAA4"]
[Wed May 07 20:52:33.500421 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aBur8a4g94IEkoEbleczrQAAAA4"]
[Wed May 07 20:52:33.522442 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aBur8a4g94IEkoEbleczrgAAAA4"]
[Wed May 07 20:52:33.522673 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aBur8a4g94IEkoEbleczrgAAAA4"]
[Wed May 07 20:52:33.522843 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aBur8a4g94IEkoEbleczrgAAAA4"]
[Wed May 07 20:52:33.544849 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczrwAAAA4"]
[Wed May 07 20:52:33.545080 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczrwAAAA4"]
[Wed May 07 20:52:33.545290 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczrwAAAA4"]
[Wed May 07 20:52:33.567335 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBur8a4g94IEkoEbleczsAAAAA4"]
[Wed May 07 20:52:33.567641 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBur8a4g94IEkoEbleczsAAAAA4"]
[Wed May 07 20:52:33.567816 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBur8a4g94IEkoEbleczsAAAAA4"]
[Wed May 07 20:52:33.589698 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aBur8a4g94IEkoEbleczsQAAAA4"]
[Wed May 07 20:52:33.589934 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aBur8a4g94IEkoEbleczsQAAAA4"]
[Wed May 07 20:52:33.590119 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aBur8a4g94IEkoEbleczsQAAAA4"]
[Wed May 07 20:52:33.612129 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/user/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczsgAAAA4"]
[Wed May 07 20:52:33.612363 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczsgAAAA4"]
[Wed May 07 20:52:33.612555 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aBur8a4g94IEkoEbleczsgAAAA4"]
[Wed May 07 20:52:33.634559 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aBur8a4g94IEkoEbleczswAAAA4"]
[Wed May 07 20:52:33.634784 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aBur8a4g94IEkoEbleczswAAAA4"]
[Wed May 07 20:52:33.634963 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aBur8a4g94IEkoEbleczswAAAA4"]
[Wed May 07 20:52:33.656801 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aBur8a4g94IEkoEblecztAAAAA4"]
[Wed May 07 20:52:33.657018 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aBur8a4g94IEkoEblecztAAAAA4"]
[Wed May 07 20:52:33.657200 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aBur8a4g94IEkoEblecztAAAAA4"]
[Wed May 07 20:52:33.679363 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aBur8a4g94IEkoEblecztQAAAA4"]
[Wed May 07 20:52:33.679601 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aBur8a4g94IEkoEblecztQAAAA4"]
[Wed May 07 20:52:33.679785 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aBur8a4g94IEkoEblecztQAAAA4"]
[Wed May 07 20:52:33.701761 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aBur8a4g94IEkoEblecztgAAAA4"]
[Wed May 07 20:52:33.702004 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aBur8a4g94IEkoEblecztgAAAA4"]
[Wed May 07 20:52:33.702188 2025] [:error] [pid 3002293] [client 154.83.103.204:13822] [client 154.83.103.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aBur8a4g94IEkoEblecztgAAAA4"]
[Thu May 08 06:07:38.756137 2025] [:error] [pid 3010391] [client 93.123.109.7:50554] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBwuCuBDVLneEDi_3QOVIAAAAAU"]
[Thu May 08 06:07:38.756397 2025] [:error] [pid 3010391] [client 93.123.109.7:50554] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBwuCuBDVLneEDi_3QOVIAAAAAU"]
[Thu May 08 06:07:38.756558 2025] [:error] [pid 3010391] [client 93.123.109.7:50554] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aBwuCuBDVLneEDi_3QOVIAAAAAU"]
[Sat May 10 15:41:00.971684 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAAAAAAA"]
[Sat May 10 15:41:00.973177 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAAAAAAA"]
[Sat May 10 15:41:00.973389 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAAAAAAA"]
[Sat May 10 15:41:00.995627 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAQAAAAA"]
[Sat May 10 15:41:00.995859 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAQAAAAA"]
[Sat May 10 15:41:00.996031 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aB9XbH0QE4ypGnyWNt4RAQAAAAA"]
[Sat May 10 15:41:01.206473 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aB9XbX0QE4ypGnyWNt4RAgAAAAA"]
[Sat May 10 15:41:01.206714 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aB9XbX0QE4ypGnyWNt4RAgAAAAA"]
[Sat May 10 15:41:01.206900 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aB9XbX0QE4ypGnyWNt4RAgAAAAA"]
[Sat May 10 15:41:01.229138 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RAwAAAAA"]
[Sat May 10 15:41:01.229382 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RAwAAAAA"]
[Sat May 10 15:41:01.229553 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RAwAAAAA"]
[Sat May 10 15:41:01.251913 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RBAAAAAA"]
[Sat May 10 15:41:01.252141 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RBAAAAAA"]
[Sat May 10 15:41:01.252320 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RBAAAAAA"]
[Sat May 10 15:41:01.321184 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aB9XbX0QE4ypGnyWNt4RBwAAAAA"]
[Sat May 10 15:41:01.321428 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aB9XbX0QE4ypGnyWNt4RBwAAAAA"]
[Sat May 10 15:41:01.321620 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aB9XbX0QE4ypGnyWNt4RBwAAAAA"]
[Sat May 10 15:41:01.391100 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.ini"] [unique_id "aB9XbX0QE4ypGnyWNt4RCgAAAAA"]
[Sat May 10 15:41:01.391477 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.ini"] [unique_id "aB9XbX0QE4ypGnyWNt4RCgAAAAA"]
[Sat May 10 15:41:01.391663 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.ini"] [unique_id "aB9XbX0QE4ypGnyWNt4RCgAAAAA"]
[Sat May 10 15:41:01.437318 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aB9XbX0QE4ypGnyWNt4RDAAAAAA"]
[Sat May 10 15:41:01.437575 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aB9XbX0QE4ypGnyWNt4RDAAAAAA"]
[Sat May 10 15:41:01.437771 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aB9XbX0QE4ypGnyWNt4RDAAAAAA"]
[Sat May 10 15:41:01.673337 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RFgAAAAA"]
[Sat May 10 15:41:01.673627 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RFgAAAAA"]
[Sat May 10 15:41:01.673813 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aB9XbX0QE4ypGnyWNt4RFgAAAAA"]
[Sat May 10 15:41:01.696107 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aB9XbX0QE4ypGnyWNt4RFwAAAAA"]
[Sat May 10 15:41:01.696363 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aB9XbX0QE4ypGnyWNt4RFwAAAAA"]
[Sat May 10 15:41:01.696548 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aB9XbX0QE4ypGnyWNt4RFwAAAAA"]
[Sat May 10 15:41:02.009923 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aB9Xbn0QE4ypGnyWNt4RGwAAAAA"]
[Sat May 10 15:41:02.010429 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aB9Xbn0QE4ypGnyWNt4RGwAAAAA"]
[Sat May 10 15:41:02.010637 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aB9Xbn0QE4ypGnyWNt4RGwAAAAA"]
[Sat May 10 15:41:02.032864 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.bak"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHAAAAAA"]
[Sat May 10 15:41:02.033222 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.bak"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHAAAAAA"]
[Sat May 10 15:41:02.033408 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.bak"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHAAAAAA"]
[Sat May 10 15:41:02.080387 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHgAAAAA"]
[Sat May 10 15:41:02.080642 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHgAAAAA"]
[Sat May 10 15:41:02.080822 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RHgAAAAA"]
[Sat May 10 15:41:02.173248 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIgAAAAA"]
[Sat May 10 15:41:02.173490 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIgAAAAA"]
[Sat May 10 15:41:02.173670 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIgAAAAA"]
[Sat May 10 15:41:02.195983 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIwAAAAA"]
[Sat May 10 15:41:02.196241 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIwAAAAA"]
[Sat May 10 15:41:02.196421 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/.env"] [unique_id "aB9Xbn0QE4ypGnyWNt4RIwAAAAA"]
[Sat May 10 15:41:02.218809 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJAAAAAA"]
[Sat May 10 15:41:02.219049 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJAAAAAA"]
[Sat May 10 15:41:02.219236 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJAAAAAA"]
[Sat May 10 15:41:02.241521 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJQAAAAA"]
[Sat May 10 15:41:02.241768 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJQAAAAA"]
[Sat May 10 15:41:02.241964 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJQAAAAA"]
[Sat May 10 15:41:02.264332 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJgAAAAA"]
[Sat May 10 15:41:02.264575 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJgAAAAA"]
[Sat May 10 15:41:02.264757 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJgAAAAA"]
[Sat May 10 15:41:02.286961 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJwAAAAA"]
[Sat May 10 15:41:02.287224 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJwAAAAA"]
[Sat May 10 15:41:02.287411 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aB9Xbn0QE4ypGnyWNt4RJwAAAAA"]
[Sat May 10 15:41:02.309638 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKAAAAAA"]
[Sat May 10 15:41:02.309877 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKAAAAAA"]
[Sat May 10 15:41:02.310058 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKAAAAAA"]
[Sat May 10 15:41:02.332450 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKQAAAAA"]
[Sat May 10 15:41:02.332676 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKQAAAAA"]
[Sat May 10 15:41:02.332866 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aB9Xbn0QE4ypGnyWNt4RKQAAAAA"]
[Sat May 10 15:41:02.426857 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aB9Xbn0QE4ypGnyWNt4RLQAAAAA"]
[Sat May 10 15:41:02.427125 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aB9Xbn0QE4ypGnyWNt4RLQAAAAA"]
[Sat May 10 15:41:02.427318 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aB9Xbn0QE4ypGnyWNt4RLQAAAAA"]
[Sat May 10 15:41:02.758462 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aB9Xbn0QE4ypGnyWNt4RMgAAAAA"]
[Sat May 10 15:41:02.758839 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aB9Xbn0QE4ypGnyWNt4RMgAAAAA"]
[Sat May 10 15:41:02.759033 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aB9Xbn0QE4ypGnyWNt4RMgAAAAA"]
[Sat May 10 15:41:02.827752 2025] [authz_core:error] [pid 3059055] [client 154.83.103.111:56996] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sat May 10 15:41:03.015605 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RPQAAAAA"]
[Sat May 10 15:41:03.015868 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RPQAAAAA"]
[Sat May 10 15:41:03.016062 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RPQAAAAA"]
[Sat May 10 15:41:03.061885 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aB9Xb30QE4ypGnyWNt4RPwAAAAA"]
[Sat May 10 15:41:03.062146 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aB9Xb30QE4ypGnyWNt4RPwAAAAA"]
[Sat May 10 15:41:03.062368 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aB9Xb30QE4ypGnyWNt4RPwAAAAA"]
[Sat May 10 15:41:03.084661 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RQAAAAAA"]
[Sat May 10 15:41:03.084907 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RQAAAAAA"]
[Sat May 10 15:41:03.085145 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aB9Xb30QE4ypGnyWNt4RQAAAAAA"]
[Sat May 10 15:41:03.377846 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aB9Xb30QE4ypGnyWNt4RRAAAAAA"]
[Sat May 10 15:41:03.378216 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aB9Xb30QE4ypGnyWNt4RRAAAAAA"]
[Sat May 10 15:41:03.378483 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aB9Xb30QE4ypGnyWNt4RRAAAAAA"]
[Sat May 10 15:41:03.404328 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RRQAAAAA"]
[Sat May 10 15:41:03.404722 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RRQAAAAA"]
[Sat May 10 15:41:03.404904 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RRQAAAAA"]
[Sat May 10 15:41:03.529400 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aB9Xb30QE4ypGnyWNt4RSgAAAAA"]
[Sat May 10 15:41:03.529637 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aB9Xb30QE4ypGnyWNt4RSgAAAAA"]
[Sat May 10 15:41:03.529889 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aB9Xb30QE4ypGnyWNt4RSgAAAAA"]
[Sat May 10 15:41:03.552177 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aB9Xb30QE4ypGnyWNt4RSwAAAAA"]
[Sat May 10 15:41:03.552428 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aB9Xb30QE4ypGnyWNt4RSwAAAAA"]
[Sat May 10 15:41:03.552639 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aB9Xb30QE4ypGnyWNt4RSwAAAAA"]
[Sat May 10 15:41:03.575008 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aB9Xb30QE4ypGnyWNt4RTAAAAAA"]
[Sat May 10 15:41:03.575252 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aB9Xb30QE4ypGnyWNt4RTAAAAAA"]
[Sat May 10 15:41:03.575436 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aB9Xb30QE4ypGnyWNt4RTAAAAAA"]
[Sat May 10 15:41:03.597771 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/dev.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTQAAAAA"]
[Sat May 10 15:41:03.598130 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/dev.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTQAAAAA"]
[Sat May 10 15:41:03.598360 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/dev.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTQAAAAA"]
[Sat May 10 15:41:03.620536 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/prod.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTgAAAAA"]
[Sat May 10 15:41:03.620893 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/prod.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTgAAAAA"]
[Sat May 10 15:41:03.621164 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/logs/prod.log"] [unique_id "aB9Xb30QE4ypGnyWNt4RTgAAAAA"]
[Sat May 10 15:41:03.713458 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aB9Xb30QE4ypGnyWNt4RUgAAAAA"]
[Sat May 10 15:41:03.713625 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aB9Xb30QE4ypGnyWNt4RUgAAAAA"]
[Sat May 10 15:41:03.713857 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aB9Xb30QE4ypGnyWNt4RUgAAAAA"]
[Sat May 10 15:41:03.714059 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aB9Xb30QE4ypGnyWNt4RUgAAAAA"]
[Sat May 10 15:41:03.735940 2025] [authz_core:error] [pid 3059055] [client 154.83.103.111:56996] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Sat May 10 15:41:04.048003 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aB9XcH0QE4ypGnyWNt4RWAAAAAA"]
[Sat May 10 15:41:04.048234 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aB9XcH0QE4ypGnyWNt4RWAAAAAA"]
[Sat May 10 15:41:04.048409 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aB9XcH0QE4ypGnyWNt4RWAAAAAA"]
[Sat May 10 15:41:04.094334 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/system.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWgAAAAA"]
[Sat May 10 15:41:04.094665 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/system.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWgAAAAA"]
[Sat May 10 15:41:04.094877 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/system.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWgAAAAA"]
[Sat May 10 15:41:04.117144 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/exception.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWwAAAAA"]
[Sat May 10 15:41:04.117474 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/exception.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWwAAAAA"]
[Sat May 10 15:41:04.117645 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/exception.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RWwAAAAA"]
[Sat May 10 15:41:04.139858 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aB9XcH0QE4ypGnyWNt4RXAAAAAA"]
[Sat May 10 15:41:04.140198 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aB9XcH0QE4ypGnyWNt4RXAAAAAA"]
[Sat May 10 15:41:04.140382 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aB9XcH0QE4ypGnyWNt4RXAAAAAA"]
[Sat May 10 15:41:04.185719 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RXgAAAAA"]
[Sat May 10 15:41:04.186051 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RXgAAAAA"]
[Sat May 10 15:41:04.186212 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aB9XcH0QE4ypGnyWNt4RXgAAAAA"]
[Sat May 10 15:41:04.301495 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aB9XcH0QE4ypGnyWNt4RYwAAAAA"]
[Sat May 10 15:41:04.301731 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aB9XcH0QE4ypGnyWNt4RYwAAAAA"]
[Sat May 10 15:41:04.301914 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aB9XcH0QE4ypGnyWNt4RYwAAAAA"]
[Sat May 10 15:41:04.324207 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aB9XcH0QE4ypGnyWNt4RZAAAAAA"]
[Sat May 10 15:41:04.324424 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aB9XcH0QE4ypGnyWNt4RZAAAAAA"]
[Sat May 10 15:41:04.324583 2025] [:error] [pid 3059055] [client 154.83.103.111:56996] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aB9XcH0QE4ypGnyWNt4RZAAAAAA"]
[Sat May 10 15:41:04.857336 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNQAAAAI"]
[Sat May 10 15:41:04.857564 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNQAAAAI"]
[Sat May 10 15:41:04.857738 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNQAAAAI"]
[Sat May 10 15:41:04.879877 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNgAAAAI"]
[Sat May 10 15:41:04.880133 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNgAAAAI"]
[Sat May 10 15:41:04.880327 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNgAAAAI"]
[Sat May 10 15:41:04.902533 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNwAAAAI"]
[Sat May 10 15:41:04.902775 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNwAAAAI"]
[Sat May 10 15:41:04.902960 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSNwAAAAI"]
[Sat May 10 15:41:04.925169 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOAAAAAI"]
[Sat May 10 15:41:04.925408 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOAAAAAI"]
[Sat May 10 15:41:04.925589 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOAAAAAI"]
[Sat May 10 15:41:04.947738 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOQAAAAI"]
[Sat May 10 15:41:04.948039 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOQAAAAI"]
[Sat May 10 15:41:04.948241 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOQAAAAI"]
[Sat May 10 15:41:04.970422 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/branches/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/branches/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOgAAAAI"]
[Sat May 10 15:41:04.970668 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/branches/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOgAAAAI"]
[Sat May 10 15:41:04.970849 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/branches/"] [unique_id "aB9XcCMUhQ8W_ipCq8iSOgAAAAI"]
[Sat May 10 15:41:05.086149 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSPwAAAAI"]
[Sat May 10 15:41:05.086500 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSPwAAAAI"]
[Sat May 10 15:41:05.086683 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSPwAAAAI"]
[Sat May 10 15:41:05.108676 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSQAAAAAI"]
[Sat May 10 15:41:05.109011 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSQAAAAAI"]
[Sat May 10 15:41:05.109201 2025] [:error] [pid 3059057] [client 154.83.103.111:35516] [client 154.83.103.111] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aB9XcSMUhQ8W_ipCq8iSQAAAAAI"]
[Tue May 13 07:15:58.370407 2025] [:error] [pid 3118199] [client 176.98.186.45:55085] [client 176.98.186.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCLVjkh5QMpOL7IpbmTi_gAAAAA"]
[Tue May 13 07:15:58.371714 2025] [:error] [pid 3118199] [client 176.98.186.45:55085] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCLVjkh5QMpOL7IpbmTi_gAAAAA"]
[Tue May 13 07:15:58.371910 2025] [:error] [pid 3118199] [client 176.98.186.45:55085] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCLVjkh5QMpOL7IpbmTi_gAAAAA"]
[Tue May 13 07:15:59.204726 2025] [:error] [pid 3118201] [client 176.98.186.45:57023] [client 176.98.186.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCLVj4utoXP2cZ2pud0yTQAAAAI"]
[Tue May 13 07:15:59.204975 2025] [:error] [pid 3118201] [client 176.98.186.45:57023] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCLVj4utoXP2cZ2pud0yTQAAAAI"]
[Tue May 13 07:15:59.205153 2025] [:error] [pid 3118201] [client 176.98.186.45:57023] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aCLVj4utoXP2cZ2pud0yTQAAAAI"]
[Tue May 13 07:15:59.980250 2025] [:error] [pid 3118208] [client 176.98.186.45:58764] [client 176.98.186.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCLVj6HUKFZm9gUzsbIo5AAAAAU"]
[Tue May 13 07:15:59.980505 2025] [:error] [pid 3118208] [client 176.98.186.45:58764] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCLVj6HUKFZm9gUzsbIo5AAAAAU"]
[Tue May 13 07:15:59.980679 2025] [:error] [pid 3118208] [client 176.98.186.45:58764] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCLVj6HUKFZm9gUzsbIo5AAAAAU"]
[Tue May 13 07:16:00.281893 2025] [:error] [pid 3118202] [client 176.98.186.45:59491] [client 176.98.186.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCLVkJo8Y6wshjcS_wvrpwAAAAM"]
[Tue May 13 07:16:00.282156 2025] [:error] [pid 3118202] [client 176.98.186.45:59491] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCLVkJo8Y6wshjcS_wvrpwAAAAM"]
[Tue May 13 07:16:00.282368 2025] [:error] [pid 3118202] [client 176.98.186.45:59491] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCLVkJo8Y6wshjcS_wvrpwAAAAM"]
[Tue May 13 07:16:01.726939 2025] [:error] [pid 3118200] [client 176.98.186.45:63341] [client 176.98.186.45] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCLVkb3zzg80F-yPhoZVRQAAAAE"]
[Tue May 13 07:16:01.727186 2025] [:error] [pid 3118200] [client 176.98.186.45:63341] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCLVkb3zzg80F-yPhoZVRQAAAAE"]
[Tue May 13 07:16:01.727368 2025] [:error] [pid 3118200] [client 176.98.186.45:63341] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aCLVkb3zzg80F-yPhoZVRQAAAAE"]
[Tue May 13 07:16:07.228187 2025] [:error] [pid 3118202] [client 176.98.186.45:57666] [client 176.98.186.45] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCLVl5o8Y6wshjcS_wvrqQAAAAM"]
[Tue May 13 07:16:07.228453 2025] [:error] [pid 3118202] [client 176.98.186.45:57666] [client 176.98.186.45] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCLVl5o8Y6wshjcS_wvrqQAAAAM"]
[Tue May 13 07:16:07.229124 2025] [:error] [pid 3118202] [client 176.98.186.45:57666] [client 176.98.186.45] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aCLVl5o8Y6wshjcS_wvrqQAAAAM"]
[Sun May 18 09:55:04.029381 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCmSWBxjSFkyzmhkFJ4DJwAAAAs"]
[Sun May 18 09:55:04.030501 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCmSWBxjSFkyzmhkFJ4DJwAAAAs"]
[Sun May 18 09:55:04.030683 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCmSWBxjSFkyzmhkFJ4DJwAAAAs"]
[Sun May 18 09:55:04.404060 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKAAAAAs"]
[Sun May 18 09:55:04.404311 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKAAAAAs"]
[Sun May 18 09:55:04.404527 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKAAAAAs"]
[Sun May 18 09:55:04.740185 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKQAAAAs"]
[Sun May 18 09:55:04.740427 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKQAAAAs"]
[Sun May 18 09:55:04.740616 2025] [:error] [pid 3243898] [client 170.39.217.179:50772] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aCmSWBxjSFkyzmhkFJ4DKQAAAAs"]
[Sun May 18 09:55:32.243956 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCmSdG5LSh5VjHFMrS3d0AAAAAo"]
[Sun May 18 09:55:32.244212 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCmSdG5LSh5VjHFMrS3d0AAAAAo"]
[Sun May 18 09:55:32.244394 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aCmSdG5LSh5VjHFMrS3d0AAAAAo"]
[Sun May 18 09:55:32.511030 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aCmSdG5LSh5VjHFMrS3d0QAAAAo"]
[Sun May 18 09:55:32.511234 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aCmSdG5LSh5VjHFMrS3d0QAAAAo"]
[Sun May 18 09:55:32.511585 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aCmSdG5LSh5VjHFMrS3d0QAAAAo"]
[Sun May 18 09:55:32.511842 2025] [:error] [pid 3242438] [client 170.39.217.179:42158] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aCmSdG5LSh5VjHFMrS3d0QAAAAo"]
[Sun May 18 09:56:02.311696 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aCmSkjSaScNBkRQkSaOE2gAAAA0"]
[Sun May 18 09:56:02.311864 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aCmSkjSaScNBkRQkSaOE2gAAAA0"]
[Sun May 18 09:56:02.312129 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aCmSkjSaScNBkRQkSaOE2gAAAA0"]
[Sun May 18 09:56:02.312303 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aCmSkjSaScNBkRQkSaOE2gAAAA0"]
[Sun May 18 09:56:02.885691 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aCmSkjSaScNBkRQkSaOE2wAAAA0"]
[Sun May 18 09:56:02.885964 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aCmSkjSaScNBkRQkSaOE2wAAAA0"]
[Sun May 18 09:56:02.886146 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aCmSkjSaScNBkRQkSaOE2wAAAA0"]
[Sun May 18 09:56:03.409121 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCmSkzSaScNBkRQkSaOE3AAAAA0"]
[Sun May 18 09:56:03.409359 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCmSkzSaScNBkRQkSaOE3AAAAA0"]
[Sun May 18 09:56:03.409568 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aCmSkzSaScNBkRQkSaOE3AAAAA0"]
[Sun May 18 09:56:03.822552 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aCmSkzSaScNBkRQkSaOE3QAAAA0"]
[Sun May 18 09:56:03.822805 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aCmSkzSaScNBkRQkSaOE3QAAAA0"]
[Sun May 18 09:56:03.823020 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aCmSkzSaScNBkRQkSaOE3QAAAA0"]
[Sun May 18 09:56:04.288026 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aCmSlDSaScNBkRQkSaOE3gAAAA0"]
[Sun May 18 09:56:04.288286 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aCmSlDSaScNBkRQkSaOE3gAAAA0"]
[Sun May 18 09:56:04.288507 2025] [:error] [pid 3242441] [client 170.39.217.179:54672] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aCmSlDSaScNBkRQkSaOE3gAAAA0"]
[Sun May 18 09:56:32.050091 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aCmSsKidVvYEkQknJ8nwqgAAAAU"]
[Sun May 18 09:56:32.050362 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aCmSsKidVvYEkQknJ8nwqgAAAAU"]
[Sun May 18 09:56:32.050557 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aCmSsKidVvYEkQknJ8nwqgAAAAU"]
[Sun May 18 09:56:32.365595 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aCmSsKidVvYEkQknJ8nwqwAAAAU"]
[Sun May 18 09:56:32.365872 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aCmSsKidVvYEkQknJ8nwqwAAAAU"]
[Sun May 18 09:56:32.366086 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aCmSsKidVvYEkQknJ8nwqwAAAAU"]
[Sun May 18 09:56:32.813788 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.3"] [unique_id "aCmSsKidVvYEkQknJ8nwrAAAAAU"]
[Sun May 18 09:56:32.814152 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.3"] [unique_id "aCmSsKidVvYEkQknJ8nwrAAAAAU"]
[Sun May 18 09:56:32.814457 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.3"] [unique_id "aCmSsKidVvYEkQknJ8nwrAAAAAU"]
[Sun May 18 09:56:33.536785 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.4"] [unique_id "aCmSsaidVvYEkQknJ8nwrQAAAAU"]
[Sun May 18 09:56:33.537044 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.4"] [unique_id "aCmSsaidVvYEkQknJ8nwrQAAAAU"]
[Sun May 18 09:56:33.537271 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.4"] [unique_id "aCmSsaidVvYEkQknJ8nwrQAAAAU"]
[Sun May 18 09:56:34.043795 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.5"] [unique_id "aCmSsqidVvYEkQknJ8nwrgAAAAU"]
[Sun May 18 09:56:34.044177 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.5"] [unique_id "aCmSsqidVvYEkQknJ8nwrgAAAAU"]
[Sun May 18 09:56:34.044475 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.5"] [unique_id "aCmSsqidVvYEkQknJ8nwrgAAAAU"]
[Sun May 18 09:56:34.607534 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.back"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aCmSsqidVvYEkQknJ8nwrwAAAAU"]
[Sun May 18 09:56:34.607784 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aCmSsqidVvYEkQknJ8nwrwAAAAU"]
[Sun May 18 09:56:34.607998 2025] [:error] [pid 3240162] [client 170.39.217.179:10132] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aCmSsqidVvYEkQknJ8nwrwAAAAU"]
[Sun May 18 09:57:03.012461 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save.1"] [unique_id "aCmSzzippbO7RY6a2MH0cQAAAAM"]
[Sun May 18 09:57:03.012726 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save.1"] [unique_id "aCmSzzippbO7RY6a2MH0cQAAAAM"]
[Sun May 18 09:57:03.012921 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save.1"] [unique_id "aCmSzzippbO7RY6a2MH0cQAAAAM"]
[Sun May 18 09:57:03.467235 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aCmSzzippbO7RY6a2MH0cgAAAAM"]
[Sun May 18 09:57:03.467466 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aCmSzzippbO7RY6a2MH0cgAAAAM"]
[Sun May 18 09:57:03.467664 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aCmSzzippbO7RY6a2MH0cgAAAAM"]
[Sun May 18 09:57:03.818910 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_hidden"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_hidden"] [unique_id "aCmSzzippbO7RY6a2MH0cwAAAAM"]
[Sun May 18 09:57:03.819153 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_hidden"] [unique_id "aCmSzzippbO7RY6a2MH0cwAAAAM"]
[Sun May 18 09:57:03.819339 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_hidden"] [unique_id "aCmSzzippbO7RY6a2MH0cwAAAAM"]
[Sun May 18 09:57:04.338585 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.debug"] [unique_id "aCmS0DippbO7RY6a2MH0dAAAAAM"]
[Sun May 18 09:57:04.338824 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.debug"] [unique_id "aCmS0DippbO7RY6a2MH0dAAAAAM"]
[Sun May 18 09:57:04.339027 2025] [:error] [pid 3240159] [client 170.39.217.179:41926] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.debug"] [unique_id "aCmS0DippbO7RY6a2MH0dAAAAAM"]
[Sun May 18 09:57:48.864584 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aCmS_PXK_RHTdh9X4fT1OgAAAAE"]
[Sun May 18 09:57:48.864965 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aCmS_PXK_RHTdh9X4fT1OgAAAAE"]
[Sun May 18 09:57:48.865168 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aCmS_PXK_RHTdh9X4fT1OgAAAAE"]
[Sun May 18 09:57:49.203035 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aCmS_fXK_RHTdh9X4fT1OwAAAAE"]
[Sun May 18 09:57:49.203372 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aCmS_fXK_RHTdh9X4fT1OwAAAAE"]
[Sun May 18 09:57:49.203573 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aCmS_fXK_RHTdh9X4fT1OwAAAAE"]
[Sun May 18 09:57:49.583947 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aCmS_fXK_RHTdh9X4fT1PAAAAAE"]
[Sun May 18 09:57:49.584322 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aCmS_fXK_RHTdh9X4fT1PAAAAAE"]
[Sun May 18 09:57:49.584538 2025] [:error] [pid 3240157] [client 170.39.217.179:2858] [client 170.39.217.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aCmS_fXK_RHTdh9X4fT1PAAAAAE"]
[Sun May 18 16:51:33.767678 2025] [:error] [pid 3242438] [client 45.144.212.129:55134] [client 45.144.212.129] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCnz9W5LSh5VjHFMrS3d7QAAAAo"]
[Sun May 18 16:51:33.767930 2025] [:error] [pid 3242438] [client 45.144.212.129:55134] [client 45.144.212.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCnz9W5LSh5VjHFMrS3d7QAAAAo"]
[Sun May 18 16:51:33.768091 2025] [:error] [pid 3242438] [client 45.144.212.129:55134] [client 45.144.212.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCnz9W5LSh5VjHFMrS3d7QAAAAo"]
[Sun May 18 17:46:13.274503 2025] [:error] [pid 3242441] [client 93.123.109.7:52758] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCoAxTSaScNBkRQkSaOE_AAAAA0"]
[Sun May 18 17:46:13.274803 2025] [:error] [pid 3242441] [client 93.123.109.7:52758] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCoAxTSaScNBkRQkSaOE_AAAAA0"]
[Sun May 18 17:46:13.274979 2025] [:error] [pid 3242441] [client 93.123.109.7:52758] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCoAxTSaScNBkRQkSaOE_AAAAA0"]
[Sun May 18 22:14:42.765683 2025] [:error] [pid 3256684] [client 196.251.88.164:44384] [client 196.251.88.164] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCo_sjEoLl6bsgSmqI9YiAAAAAo"]
[Sun May 18 22:14:42.765976 2025] [:error] [pid 3256684] [client 196.251.88.164:44384] [client 196.251.88.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCo_sjEoLl6bsgSmqI9YiAAAAAo"]
[Sun May 18 22:14:42.766164 2025] [:error] [pid 3256684] [client 196.251.88.164:44384] [client 196.251.88.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCo_sjEoLl6bsgSmqI9YiAAAAAo"]
[Mon May 19 00:48:44.949447 2025] [:error] [pid 3259440] [client 196.251.88.164:52334] [client 196.251.88.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCpjzIkOCaYG9smAh3Xw9wAAAAA"]
[Mon May 19 00:48:44.949775 2025] [:error] [pid 3259440] [client 196.251.88.164:52334] [client 196.251.88.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCpjzIkOCaYG9smAh3Xw9wAAAAA"]
[Mon May 19 00:48:44.950017 2025] [:error] [pid 3259440] [client 196.251.88.164:52334] [client 196.251.88.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCpjzIkOCaYG9smAh3Xw9wAAAAA"]
[Mon May 19 11:00:55.681589 2025] [:error] [pid 3262405] [client 91.206.169.53:35790] [client 91.206.169.53] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCrzRwQPooJnT4GHVv9QrwAAAAg"]
[Mon May 19 11:00:55.681862 2025] [:error] [pid 3262405] [client 91.206.169.53:35790] [client 91.206.169.53] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCrzRwQPooJnT4GHVv9QrwAAAAg"]
[Mon May 19 11:00:55.682031 2025] [:error] [pid 3262405] [client 91.206.169.53:35790] [client 91.206.169.53] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aCrzRwQPooJnT4GHVv9QrwAAAAg"]
[Mon May 19 15:23:14.824430 2025] [:error] [pid 3262376] [client 34.229.113.34:34214] [client 34.229.113.34] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCswwgoySCWbGajAIfFangAAAAY"]
[Mon May 19 15:23:14.824781 2025] [:error] [pid 3262376] [client 34.229.113.34:34214] [client 34.229.113.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCswwgoySCWbGajAIfFangAAAAY"]
[Mon May 19 15:23:14.824949 2025] [:error] [pid 3262376] [client 34.229.113.34:34214] [client 34.229.113.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCswwgoySCWbGajAIfFangAAAAY"]
[Mon May 19 22:14:18.390218 2025] [:error] [pid 3262376] [client 196.251.88.164:43382] [client 196.251.88.164] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCuRGgoySCWbGajAIfFazgAAAAY"]
[Mon May 19 22:14:18.390540 2025] [:error] [pid 3262376] [client 196.251.88.164:43382] [client 196.251.88.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCuRGgoySCWbGajAIfFazgAAAAY"]
[Mon May 19 22:14:18.391246 2025] [:error] [pid 3262376] [client 196.251.88.164:43382] [client 196.251.88.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCuRGgoySCWbGajAIfFazgAAAAY"]
[Tue May 20 13:12:44.018168 2025] [:error] [pid 3283593] [client 34.229.113.34:36102] [client 34.229.113.34] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCxjrGlgD_0X9-csKa_4lgAAAAE"]
[Tue May 20 13:12:44.018525 2025] [:error] [pid 3283593] [client 34.229.113.34:36102] [client 34.229.113.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCxjrGlgD_0X9-csKa_4lgAAAAE"]
[Tue May 20 13:12:44.018741 2025] [:error] [pid 3283593] [client 34.229.113.34:36102] [client 34.229.113.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aCxjrGlgD_0X9-csKa_4lgAAAAE"]
[Wed May 21 18:08:44.831043 2025] [:error] [pid 3303764] [client 35.168.190.204:56616] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jMZPBA1CMzjUnInxIQAAAAM"]
[Wed May 21 18:08:44.831357 2025] [:error] [pid 3303764] [client 35.168.190.204:56616] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jMZPBA1CMzjUnInxIQAAAAM"]
[Wed May 21 18:08:44.831534 2025] [:error] [pid 3303764] [client 35.168.190.204:56616] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jMZPBA1CMzjUnInxIQAAAAM"]
[Wed May 21 18:08:45.023890 2025] [:error] [pid 3313760] [client 35.168.190.204:56620] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jdlLN5ac-xqHIyEVNgAAAAg"]
[Wed May 21 18:08:45.024180 2025] [:error] [pid 3313760] [client 35.168.190.204:56620] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jdlLN5ac-xqHIyEVNgAAAAg"]
[Wed May 21 18:08:45.024363 2025] [:error] [pid 3313760] [client 35.168.190.204:56620] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jdlLN5ac-xqHIyEVNgAAAAg"]
[Wed May 21 18:08:45.235518 2025] [:error] [pid 3313763] [client 35.168.190.204:56634] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jalrZcVgbNHtEmfVSgAAAAo"]
[Wed May 21 18:08:45.235812 2025] [:error] [pid 3313763] [client 35.168.190.204:56634] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jalrZcVgbNHtEmfVSgAAAAo"]
[Wed May 21 18:08:45.235977 2025] [:error] [pid 3313763] [client 35.168.190.204:56634] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jalrZcVgbNHtEmfVSgAAAAo"]
[Wed May 21 18:08:45.469317 2025] [:error] [pid 3303765] [client 35.168.190.204:51286] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jZML5PFy9d0VqD6U3gAAAAQ"]
[Wed May 21 18:08:45.469621 2025] [:error] [pid 3303765] [client 35.168.190.204:51286] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jZML5PFy9d0VqD6U3gAAAAQ"]
[Wed May 21 18:08:45.469793 2025] [:error] [pid 3303765] [client 35.168.190.204:51286] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36jZML5PFy9d0VqD6U3gAAAAQ"]
[Wed May 21 18:08:46.944843 2025] [:error] [pid 3303764] [client 35.168.190.204:51378] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jsZPBA1CMzjUnInxIgAAAAM"]
[Wed May 21 18:08:46.945145 2025] [:error] [pid 3303764] [client 35.168.190.204:51378] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jsZPBA1CMzjUnInxIgAAAAM"]
[Wed May 21 18:08:46.945324 2025] [:error] [pid 3303764] [client 35.168.190.204:51378] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36jsZPBA1CMzjUnInxIgAAAAM"]
[Wed May 21 18:08:47.166514 2025] [:error] [pid 3313760] [client 35.168.190.204:51380] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j9lLN5ac-xqHIyEVNwAAAAg"]
[Wed May 21 18:08:47.166789 2025] [:error] [pid 3313760] [client 35.168.190.204:51380] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j9lLN5ac-xqHIyEVNwAAAAg"]
[Wed May 21 18:08:47.166970 2025] [:error] [pid 3313760] [client 35.168.190.204:51380] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j9lLN5ac-xqHIyEVNwAAAAg"]
[Wed May 21 18:08:47.790661 2025] [:error] [pid 3303770] [client 35.168.190.204:51412] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36j-nlOQrEBb9VzygN4gAAAAU"]
[Wed May 21 18:08:47.790943 2025] [:error] [pid 3303770] [client 35.168.190.204:51412] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36j-nlOQrEBb9VzygN4gAAAAU"]
[Wed May 21 18:08:47.791105 2025] [:error] [pid 3303770] [client 35.168.190.204:51412] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36j-nlOQrEBb9VzygN4gAAAAU"]
[Wed May 21 18:08:47.996285 2025] [:error] [pid 3313764] [client 35.168.190.204:51418] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j92NxWiruqAlaSeOEgAAAAs"]
[Wed May 21 18:08:47.996618 2025] [:error] [pid 3313764] [client 35.168.190.204:51418] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j92NxWiruqAlaSeOEgAAAAs"]
[Wed May 21 18:08:47.996794 2025] [:error] [pid 3313764] [client 35.168.190.204:51418] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36j92NxWiruqAlaSeOEgAAAAs"]
[Wed May 21 18:08:48.227729 2025] [:error] [pid 3313761] [client 35.168.190.204:51430] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kFXk9LcWrDgULF0F8QAAAAk"]
[Wed May 21 18:08:48.227998 2025] [:error] [pid 3313761] [client 35.168.190.204:51430] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kFXk9LcWrDgULF0F8QAAAAk"]
[Wed May 21 18:08:48.228158 2025] [:error] [pid 3313761] [client 35.168.190.204:51430] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kFXk9LcWrDgULF0F8QAAAAk"]
[Wed May 21 18:08:48.472935 2025] [:error] [pid 3305646] [client 35.168.190.204:51442] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPS7Ym5NswhmYPlzUQAAAAY"]
[Wed May 21 18:08:48.473200 2025] [:error] [pid 3305646] [client 35.168.190.204:51442] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPS7Ym5NswhmYPlzUQAAAAY"]
[Wed May 21 18:08:48.473365 2025] [:error] [pid 3305646] [client 35.168.190.204:51442] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPS7Ym5NswhmYPlzUQAAAAY"]
[Wed May 21 18:08:48.751778 2025] [:error] [pid 3303763] [client 35.168.190.204:51452] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kPjlULtMw0d6JO4TFQAAAAI"]
[Wed May 21 18:08:48.752060 2025] [:error] [pid 3303763] [client 35.168.190.204:51452] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kPjlULtMw0d6JO4TFQAAAAI"]
[Wed May 21 18:08:48.752245 2025] [:error] [pid 3303763] [client 35.168.190.204:51452] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kPjlULtMw0d6JO4TFQAAAAI"]
[Wed May 21 18:08:48.979926 2025] [:error] [pid 3303762] [client 35.168.190.204:51466] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPXBINEd05eBV8axbQAAAAE"]
[Wed May 21 18:08:48.981097 2025] [:error] [pid 3303762] [client 35.168.190.204:51466] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPXBINEd05eBV8axbQAAAAE"]
[Wed May 21 18:08:48.981291 2025] [:error] [pid 3303762] [client 35.168.190.204:51466] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kPXBINEd05eBV8axbQAAAAE"]
[Wed May 21 18:08:49.181816 2025] [:error] [pid 3303764] [client 35.168.190.204:51474] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kcZPBA1CMzjUnInxIwAAAAM"]
[Wed May 21 18:08:49.182095 2025] [:error] [pid 3303764] [client 35.168.190.204:51474] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kcZPBA1CMzjUnInxIwAAAAM"]
[Wed May 21 18:08:49.182295 2025] [:error] [pid 3303764] [client 35.168.190.204:51474] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kcZPBA1CMzjUnInxIwAAAAM"]
[Wed May 21 18:08:49.401753 2025] [:error] [pid 3313760] [client 35.168.190.204:51490] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kdlLN5ac-xqHIyEVOAAAAAg"]
[Wed May 21 18:08:49.402040 2025] [:error] [pid 3313760] [client 35.168.190.204:51490] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kdlLN5ac-xqHIyEVOAAAAAg"]
[Wed May 21 18:08:49.402201 2025] [:error] [pid 3313760] [client 35.168.190.204:51490] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kdlLN5ac-xqHIyEVOAAAAAg"]
[Wed May 21 18:08:49.611056 2025] [:error] [pid 3303770] [client 35.168.190.204:51494] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kenlOQrEBb9VzygN4wAAAAU"]
[Wed May 21 18:08:49.611414 2025] [:error] [pid 3303770] [client 35.168.190.204:51494] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kenlOQrEBb9VzygN4wAAAAU"]
[Wed May 21 18:08:49.611622 2025] [:error] [pid 3303770] [client 35.168.190.204:51494] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kenlOQrEBb9VzygN4wAAAAU"]
[Wed May 21 18:08:49.830425 2025] [:error] [pid 3313763] [client 35.168.190.204:51498] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kalrZcVgbNHtEmfVTAAAAAo"]
[Wed May 21 18:08:49.830699 2025] [:error] [pid 3313763] [client 35.168.190.204:51498] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kalrZcVgbNHtEmfVTAAAAAo"]
[Wed May 21 18:08:49.830894 2025] [:error] [pid 3313763] [client 35.168.190.204:51498] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kalrZcVgbNHtEmfVTAAAAAo"]
[Wed May 21 18:08:50.596835 2025] [:error] [pid 3313764] [client 35.168.190.204:51508] [client 35.168.190.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kt2NxWiruqAlaSeOEwAAAAs"]
[Wed May 21 18:08:50.597130 2025] [:error] [pid 3313764] [client 35.168.190.204:51508] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kt2NxWiruqAlaSeOEwAAAAs"]
[Wed May 21 18:08:50.597309 2025] [:error] [pid 3313764] [client 35.168.190.204:51508] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aC36kt2NxWiruqAlaSeOEwAAAAs"]
[Wed May 21 18:08:50.802731 2025] [:error] [pid 3303765] [client 35.168.190.204:51512] [client 35.168.190.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kpML5PFy9d0VqD6U4AAAAAQ"]
[Wed May 21 18:08:50.802997 2025] [:error] [pid 3303765] [client 35.168.190.204:51512] [client 35.168.190.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kpML5PFy9d0VqD6U4AAAAAQ"]
[Wed May 21 18:08:50.803178 2025] [:error] [pid 3303765] [client 35.168.190.204:51512] [client 35.168.190.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aC36kpML5PFy9d0VqD6U4AAAAAQ"]
[Tue May 27 00:39:44.222640 2025] [:error] [pid 3430964] [client 45.144.212.129:57594] [client 45.144.212.129] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDTtsEqFBuD164aWH7iYIgAAAAg"]
[Tue May 27 00:39:44.224968 2025] [:error] [pid 3430964] [client 45.144.212.129:57594] [client 45.144.212.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDTtsEqFBuD164aWH7iYIgAAAAg"]
[Tue May 27 00:39:44.225148 2025] [:error] [pid 3430964] [client 45.144.212.129:57594] [client 45.144.212.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDTtsEqFBuD164aWH7iYIgAAAAg"]
[Tue May 27 03:55:09.277443 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukTQAAABA"]
[Tue May 27 03:55:09.277692 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukTQAAABA"]
[Tue May 27 03:55:09.277860 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukTQAAABA"]
[Tue May 27 03:55:09.300143 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDUbfX4CeMAvTJAIhKukTgAAABA"]
[Tue May 27 03:55:09.300372 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDUbfX4CeMAvTJAIhKukTgAAABA"]
[Tue May 27 03:55:09.300551 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDUbfX4CeMAvTJAIhKukTgAAABA"]
[Tue May 27 03:55:09.322870 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukTwAAABA"]
[Tue May 27 03:55:09.323089 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukTwAAABA"]
[Tue May 27 03:55:09.323246 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukTwAAABA"]
[Tue May 27 03:55:09.369122 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUQAAABA"]
[Tue May 27 03:55:09.369337 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUQAAABA"]
[Tue May 27 03:55:09.369501 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUQAAABA"]
[Tue May 27 03:55:09.391871 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUgAAABA"]
[Tue May 27 03:55:09.392113 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUgAAABA"]
[Tue May 27 03:55:09.392273 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUgAAABA"]
[Tue May 27 03:55:09.414552 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUwAAABA"]
[Tue May 27 03:55:09.414761 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUwAAABA"]
[Tue May 27 03:55:09.414920 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukUwAAABA"]
[Tue May 27 03:55:09.437358 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVAAAABA"]
[Tue May 27 03:55:09.437572 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVAAAABA"]
[Tue May 27 03:55:09.437728 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVAAAABA"]
[Tue May 27 03:55:09.460024 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVQAAABA"]
[Tue May 27 03:55:09.460228 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVQAAABA"]
[Tue May 27 03:55:09.460375 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVQAAABA"]
[Tue May 27 03:55:09.505975 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVwAAABA"]
[Tue May 27 03:55:09.506201 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVwAAABA"]
[Tue May 27 03:55:09.506383 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukVwAAABA"]
[Tue May 27 03:55:09.528666 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWAAAABA"]
[Tue May 27 03:55:09.528869 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWAAAABA"]
[Tue May 27 03:55:09.529021 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWAAAABA"]
[Tue May 27 03:55:09.551168 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWQAAABA"]
[Tue May 27 03:55:09.551374 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWQAAABA"]
[Tue May 27 03:55:09.551548 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWQAAABA"]
[Tue May 27 03:55:09.573874 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWgAAABA"]
[Tue May 27 03:55:09.574117 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWgAAABA"]
[Tue May 27 03:55:09.574335 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWgAAABA"]
[Tue May 27 03:55:09.596705 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWwAAABA"]
[Tue May 27 03:55:09.596980 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWwAAABA"]
[Tue May 27 03:55:09.597153 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukWwAAABA"]
[Tue May 27 03:55:09.619619 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXAAAABA"]
[Tue May 27 03:55:09.619870 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXAAAABA"]
[Tue May 27 03:55:09.620041 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXAAAABA"]
[Tue May 27 03:55:09.720370 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXQAAABA"]
[Tue May 27 03:55:09.720761 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXQAAABA"]
[Tue May 27 03:55:09.720975 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXQAAABA"]
[Tue May 27 03:55:09.743424 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/user/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXgAAABA"]
[Tue May 27 03:55:09.743656 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXgAAABA"]
[Tue May 27 03:55:09.743826 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aDUbfX4CeMAvTJAIhKukXgAAABA"]
[Tue May 27 03:55:09.766856 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXwAAABA"]
[Tue May 27 03:55:09.767082 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXwAAABA"]
[Tue May 27 03:55:09.767270 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukXwAAABA"]
[Tue May 27 03:55:09.789540 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aDUbfX4CeMAvTJAIhKukYAAAABA"]
[Tue May 27 03:55:09.789750 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aDUbfX4CeMAvTJAIhKukYAAAABA"]
[Tue May 27 03:55:09.789903 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aDUbfX4CeMAvTJAIhKukYAAAABA"]
[Tue May 27 03:55:09.812090 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukYQAAABA"]
[Tue May 27 03:55:09.812308 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukYQAAABA"]
[Tue May 27 03:55:09.812461 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aDUbfX4CeMAvTJAIhKukYQAAABA"]
[Tue May 27 03:55:09.834788 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukYgAAABA"]
[Tue May 27 03:55:09.835064 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukYgAAABA"]
[Tue May 27 03:55:09.835240 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aDUbfX4CeMAvTJAIhKukYgAAABA"]
[Tue May 27 03:55:10.066958 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDUbfn4CeMAvTJAIhKukbAAAABA"]
[Tue May 27 03:55:10.067185 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDUbfn4CeMAvTJAIhKukbAAAABA"]
[Tue May 27 03:55:10.067349 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDUbfn4CeMAvTJAIhKukbAAAABA"]
[Tue May 27 03:55:10.089636 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukbQAAABA"]
[Tue May 27 03:55:10.089866 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukbQAAABA"]
[Tue May 27 03:55:10.090056 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukbQAAABA"]
[Tue May 27 03:55:10.112356 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aDUbfn4CeMAvTJAIhKukbgAAABA"]
[Tue May 27 03:55:10.112564 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aDUbfn4CeMAvTJAIhKukbgAAABA"]
[Tue May 27 03:55:10.112725 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aDUbfn4CeMAvTJAIhKukbgAAABA"]
[Tue May 27 03:55:10.159988 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukcAAAABA"]
[Tue May 27 03:55:10.160224 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukcAAAABA"]
[Tue May 27 03:55:10.160405 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aDUbfn4CeMAvTJAIhKukcAAAABA"]
[Tue May 27 03:55:10.182728 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aDUbfn4CeMAvTJAIhKukcQAAABA"]
[Tue May 27 03:55:10.182969 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aDUbfn4CeMAvTJAIhKukcQAAABA"]
[Tue May 27 03:55:10.183135 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aDUbfn4CeMAvTJAIhKukcQAAABA"]
[Tue May 27 03:55:10.205440 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDUbfn4CeMAvTJAIhKukcgAAABA"]
[Tue May 27 03:55:10.205668 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDUbfn4CeMAvTJAIhKukcgAAABA"]
[Tue May 27 03:55:10.205828 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aDUbfn4CeMAvTJAIhKukcgAAABA"]
[Tue May 27 03:55:10.228128 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".ssh/authorized_keys" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/authorized_keys found within REQUEST_FILENAME: /.ssh/authorized_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aDUbfn4CeMAvTJAIhKukcwAAABA"]
[Tue May 27 03:55:10.228333 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aDUbfn4CeMAvTJAIhKukcwAAABA"]
[Tue May 27 03:55:10.228484 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aDUbfn4CeMAvTJAIhKukcwAAABA"]
[Tue May 27 03:55:10.250417 2025] [authz_core:error] [pid 3435317] [client 170.39.217.204:23660] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htpasswd
[Tue May 27 03:55:10.272688 2025] [authz_core:error] [pid 3435317] [client 170.39.217.204:23660] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Tue May 27 03:55:10.342115 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeAAAABA"]
[Tue May 27 03:55:10.342461 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeAAAABA"]
[Tue May 27 03:55:10.342621 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeAAAABA"]
[Tue May 27 03:55:10.365096 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeQAAABA"]
[Tue May 27 03:55:10.365429 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeQAAABA"]
[Tue May 27 03:55:10.365614 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aDUbfn4CeMAvTJAIhKukeQAAABA"]
[Tue May 27 03:55:10.529167 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aDUbfn4CeMAvTJAIhKukgAAAABA"]
[Tue May 27 03:55:10.529384 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aDUbfn4CeMAvTJAIhKukgAAAABA"]
[Tue May 27 03:55:10.529543 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aDUbfn4CeMAvTJAIhKukgAAAABA"]
[Tue May 27 03:55:10.575083 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDUbfn4CeMAvTJAIhKukggAAABA"]
[Tue May 27 03:55:10.575298 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDUbfn4CeMAvTJAIhKukggAAABA"]
[Tue May 27 03:55:10.575470 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDUbfn4CeMAvTJAIhKukggAAABA"]
[Tue May 27 03:55:10.597994 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aDUbfn4CeMAvTJAIhKukgwAAABA"]
[Tue May 27 03:55:10.598216 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aDUbfn4CeMAvTJAIhKukgwAAABA"]
[Tue May 27 03:55:10.598403 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aDUbfn4CeMAvTJAIhKukgwAAABA"]
[Tue May 27 03:55:10.620764 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aDUbfn4CeMAvTJAIhKukhAAAABA"]
[Tue May 27 03:55:10.620986 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aDUbfn4CeMAvTJAIhKukhAAAABA"]
[Tue May 27 03:55:10.621150 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aDUbfn4CeMAvTJAIhKukhAAAABA"]
[Tue May 27 03:55:10.690085 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aDUbfn4CeMAvTJAIhKukhwAAABA"]
[Tue May 27 03:55:10.690319 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aDUbfn4CeMAvTJAIhKukhwAAABA"]
[Tue May 27 03:55:10.690467 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aDUbfn4CeMAvTJAIhKukhwAAABA"]
[Tue May 27 03:55:10.759563 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aDUbfn4CeMAvTJAIhKukigAAABA"]
[Tue May 27 03:55:10.759778 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aDUbfn4CeMAvTJAIhKukigAAABA"]
[Tue May 27 03:55:10.759936 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aDUbfn4CeMAvTJAIhKukigAAABA"]
[Tue May 27 03:55:10.782202 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aDUbfn4CeMAvTJAIhKukiwAAABA"]
[Tue May 27 03:55:10.782419 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aDUbfn4CeMAvTJAIhKukiwAAABA"]
[Tue May 27 03:55:10.782573 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aDUbfn4CeMAvTJAIhKukiwAAABA"]
[Tue May 27 03:55:10.805332 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".zsh_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .zsh_history found within REQUEST_FILENAME: /.zsh_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjAAAABA"]
[Tue May 27 03:55:10.805533 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjAAAABA"]
[Tue May 27 03:55:10.805681 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjAAAABA"]
[Tue May 27 03:55:10.916755 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".mysql_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .mysql_history found within REQUEST_FILENAME: /.mysql_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjQAAABA"]
[Tue May 27 03:55:10.917001 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjQAAABA"]
[Tue May 27 03:55:10.917184 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aDUbfn4CeMAvTJAIhKukjQAAABA"]
[Tue May 27 03:55:10.965331 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDUbfn4CeMAvTJAIhKukjwAAABA"]
[Tue May 27 03:55:10.965560 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDUbfn4CeMAvTJAIhKukjwAAABA"]
[Tue May 27 03:55:10.965723 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDUbfn4CeMAvTJAIhKukjwAAABA"]
[Tue May 27 03:55:10.988132 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfn4CeMAvTJAIhKukkAAAABA"]
[Tue May 27 03:55:10.988361 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfn4CeMAvTJAIhKukkAAAABA"]
[Tue May 27 03:55:10.988536 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDUbfn4CeMAvTJAIhKukkAAAABA"]
[Tue May 27 03:55:11.010756 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aDUbf34CeMAvTJAIhKukkQAAABA"]
[Tue May 27 03:55:11.011083 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aDUbf34CeMAvTJAIhKukkQAAABA"]
[Tue May 27 03:55:11.011253 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aDUbf34CeMAvTJAIhKukkQAAABA"]
[Tue May 27 03:55:11.033493 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aDUbf34CeMAvTJAIhKukkgAAABA"]
[Tue May 27 03:55:11.033826 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aDUbf34CeMAvTJAIhKukkgAAABA"]
[Tue May 27 03:55:11.033991 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aDUbf34CeMAvTJAIhKukkgAAABA"]
[Tue May 27 03:55:11.151016 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aDUbf34CeMAvTJAIhKuklwAAABA"]
[Tue May 27 03:55:11.151229 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aDUbf34CeMAvTJAIhKuklwAAABA"]
[Tue May 27 03:55:11.151387 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aDUbf34CeMAvTJAIhKuklwAAABA"]
[Tue May 27 03:55:11.173601 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDUbf34CeMAvTJAIhKukmAAAABA"]
[Tue May 27 03:55:11.173813 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDUbf34CeMAvTJAIhKukmAAAABA"]
[Tue May 27 03:55:11.173986 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDUbf34CeMAvTJAIhKukmAAAABA"]
[Tue May 27 03:55:11.196200 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aDUbf34CeMAvTJAIhKukmQAAABA"]
[Tue May 27 03:55:11.196412 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aDUbf34CeMAvTJAIhKukmQAAABA"]
[Tue May 27 03:55:11.196582 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aDUbf34CeMAvTJAIhKukmQAAABA"]
[Tue May 27 03:55:11.218688 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDUbf34CeMAvTJAIhKukmgAAABA"]
[Tue May 27 03:55:11.218821 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDUbf34CeMAvTJAIhKukmgAAABA"]
[Tue May 27 03:55:11.219013 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDUbf34CeMAvTJAIhKukmgAAABA"]
[Tue May 27 03:55:11.219159 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDUbf34CeMAvTJAIhKukmgAAABA"]
[Tue May 27 03:55:11.241457 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aDUbf34CeMAvTJAIhKukmwAAABA"]
[Tue May 27 03:55:11.241708 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aDUbf34CeMAvTJAIhKukmwAAABA"]
[Tue May 27 03:55:11.241871 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aDUbf34CeMAvTJAIhKukmwAAABA"]
[Tue May 27 03:55:11.310346 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukngAAABA"]
[Tue May 27 03:55:11.310641 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukngAAABA"]
[Tue May 27 03:55:11.310804 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukngAAABA"]
[Tue May 27 03:55:11.332994 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aDUbf34CeMAvTJAIhKuknwAAABA"]
[Tue May 27 03:55:11.333319 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aDUbf34CeMAvTJAIhKuknwAAABA"]
[Tue May 27 03:55:11.333483 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aDUbf34CeMAvTJAIhKuknwAAABA"]
[Tue May 27 03:55:11.355562 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukoAAAABA"]
[Tue May 27 03:55:11.355866 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukoAAAABA"]
[Tue May 27 03:55:11.356021 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/access.log"] [unique_id "aDUbf34CeMAvTJAIhKukoAAAABA"]
[Tue May 27 03:55:11.378174 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aDUbf34CeMAvTJAIhKukoQAAABA"]
[Tue May 27 03:55:11.378498 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aDUbf34CeMAvTJAIhKukoQAAABA"]
[Tue May 27 03:55:11.378655 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aDUbf34CeMAvTJAIhKukoQAAABA"]
[Tue May 27 03:55:11.400805 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".ssh/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/config found within REQUEST_FILENAME: /.ssh/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/config"] [unique_id "aDUbf34CeMAvTJAIhKukogAAABA"]
[Tue May 27 03:55:11.401003 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/config"] [unique_id "aDUbf34CeMAvTJAIhKukogAAABA"]
[Tue May 27 03:55:11.401189 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/config"] [unique_id "aDUbf34CeMAvTJAIhKukogAAABA"]
[Tue May 27 03:55:11.423396 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Matched phrase ".ssh/known_hosts" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/known_hosts found within REQUEST_FILENAME: /.ssh/known_hosts"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aDUbf34CeMAvTJAIhKukowAAABA"]
[Tue May 27 03:55:11.423608 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aDUbf34CeMAvTJAIhKukowAAABA"]
[Tue May 27 03:55:11.423767 2025] [:error] [pid 3435317] [client 170.39.217.204:23660] [client 170.39.217.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aDUbf34CeMAvTJAIhKukowAAABA"]
[Tue May 27 15:49:31.936330 2025] [:error] [pid 3435316] [client 93.123.109.7:50208] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDXC6yw1TIthxW7dZehD_wAAAA8"]
[Tue May 27 15:49:31.936657 2025] [:error] [pid 3435316] [client 93.123.109.7:50208] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDXC6yw1TIthxW7dZehD_wAAAA8"]
[Tue May 27 15:49:31.936826 2025] [:error] [pid 3435316] [client 93.123.109.7:50208] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDXC6yw1TIthxW7dZehD_wAAAA8"]
[Wed May 28 01:46:26.003922 2025] [:error] [pid 3454383] [client 45.148.10.80:35258] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDZO0uALuFgbTPktN9jj9wAAAAE"]
[Wed May 28 01:46:26.005131 2025] [:error] [pid 3454383] [client 45.148.10.80:35258] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDZO0uALuFgbTPktN9jj9wAAAAE"]
[Wed May 28 01:46:26.005326 2025] [:error] [pid 3454383] [client 45.148.10.80:35258] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDZO0uALuFgbTPktN9jj9wAAAAE"]
[Wed May 28 22:47:27.128230 2025] [:error] [pid 3459459] [client 45.148.10.80:57948] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDd2X6kEvPIUf5oXHHLAQQAAABs"]
[Wed May 28 22:47:27.129254 2025] [:error] [pid 3459459] [client 45.148.10.80:57948] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDd2X6kEvPIUf5oXHHLAQQAAABs"]
[Wed May 28 22:47:27.129427 2025] [:error] [pid 3459459] [client 45.148.10.80:57948] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDd2X6kEvPIUf5oXHHLAQQAAABs"]
[Fri May 30 01:52:08.299608 2025] [:error] [pid 3511261] [client 45.148.10.80:38368] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDjzKHBrvn1Ak3ZNnjtjCwAAAAY"]
[Fri May 30 01:52:08.299877 2025] [:error] [pid 3511261] [client 45.148.10.80:38368] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDjzKHBrvn1Ak3ZNnjtjCwAAAAY"]
[Fri May 30 01:52:08.300090 2025] [:error] [pid 3511261] [client 45.148.10.80:38368] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDjzKHBrvn1Ak3ZNnjtjCwAAAAY"]
[Sat May 31 10:20:09.936462 2025] [:error] [pid 3535554] [client 45.144.212.129:60446] [client 45.144.212.129] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDq7ueXCl39lWlOoO04ffAAAAAQ"]
[Sat May 31 10:20:09.939559 2025] [:error] [pid 3535554] [client 45.144.212.129:60446] [client 45.144.212.129] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDq7ueXCl39lWlOoO04ffAAAAAQ"]
[Sat May 31 10:20:09.939739 2025] [:error] [pid 3535554] [client 45.144.212.129:60446] [client 45.144.212.129] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDq7ueXCl39lWlOoO04ffAAAAAQ"]
[Sat May 31 11:36:27.330506 2025] [:error] [pid 3536289] [client 93.123.109.101:58038] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDrNm6G7kNEKUqP7i5KqRwAAAAs"]
[Sat May 31 11:36:27.330767 2025] [:error] [pid 3536289] [client 93.123.109.101:58038] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDrNm6G7kNEKUqP7i5KqRwAAAAs"]
[Sat May 31 11:36:27.330943 2025] [:error] [pid 3536289] [client 93.123.109.101:58038] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDrNm6G7kNEKUqP7i5KqRwAAAAs"]
[Sat May 31 11:36:27.625313 2025] [:error] [pid 3535581] [client 93.123.109.101:58048] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aDrNm8DOx7Z0Y9wu01FRpQAAAAU"]
[Sat May 31 11:36:27.625564 2025] [:error] [pid 3535581] [client 93.123.109.101:58048] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aDrNm8DOx7Z0Y9wu01FRpQAAAAU"]
[Sat May 31 11:36:27.625740 2025] [:error] [pid 3535581] [client 93.123.109.101:58048] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aDrNm8DOx7Z0Y9wu01FRpQAAAAU"]
[Sat May 31 11:36:27.807364 2025] [:error] [pid 3535554] [client 93.123.109.101:58050] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDrNm-XCl39lWlOoO04fhwAAAAQ"]
[Sat May 31 11:36:27.807620 2025] [:error] [pid 3535554] [client 93.123.109.101:58050] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDrNm-XCl39lWlOoO04fhwAAAAQ"]
[Sat May 31 11:36:27.807829 2025] [:error] [pid 3535554] [client 93.123.109.101:58050] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDrNm-XCl39lWlOoO04fhwAAAAQ"]
[Sat May 31 11:36:28.057606 2025] [:error] [pid 3536288] [client 93.123.109.101:58052] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDrNnE7hqgNRWbaHNkFYiQAAAAo"]
[Sat May 31 11:36:28.057867 2025] [:error] [pid 3536288] [client 93.123.109.101:58052] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDrNnE7hqgNRWbaHNkFYiQAAAAo"]
[Sat May 31 11:36:28.058053 2025] [:error] [pid 3536288] [client 93.123.109.101:58052] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aDrNnE7hqgNRWbaHNkFYiQAAAAo"]
[Sat May 31 11:36:28.235027 2025] [:error] [pid 3535553] [client 93.123.109.101:58064] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aDrNnE_7v63ITAiL1uig8AAAAAM"]
[Sat May 31 11:36:28.235298 2025] [:error] [pid 3535553] [client 93.123.109.101:58064] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aDrNnE_7v63ITAiL1uig8AAAAAM"]
[Sat May 31 11:36:28.235471 2025] [:error] [pid 3535553] [client 93.123.109.101:58064] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aDrNnE_7v63ITAiL1uig8AAAAAM"]
[Sat May 31 11:36:28.383370 2025] [:error] [pid 3536285] [client 93.123.109.101:58078] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDrNnIEq4lJoMFaf2sMJYAAAAAg"]
[Sat May 31 11:36:28.383622 2025] [:error] [pid 3536285] [client 93.123.109.101:58078] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDrNnIEq4lJoMFaf2sMJYAAAAAg"]
[Sat May 31 11:36:28.383794 2025] [:error] [pid 3536285] [client 93.123.109.101:58078] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aDrNnIEq4lJoMFaf2sMJYAAAAAg"]
[Sat May 31 11:36:29.458329 2025] [:error] [pid 3536289] [client 93.123.109.101:58120] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDrNnaG7kNEKUqP7i5KqSAAAAAs"]
[Sat May 31 11:36:29.458579 2025] [:error] [pid 3536289] [client 93.123.109.101:58120] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDrNnaG7kNEKUqP7i5KqSAAAAAs"]
[Sat May 31 11:36:29.458758 2025] [:error] [pid 3536289] [client 93.123.109.101:58120] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aDrNnaG7kNEKUqP7i5KqSAAAAAs"]
[Sat May 31 11:36:29.670671 2025] [:error] [pid 3535581] [client 93.123.109.101:58130] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDrNncDOx7Z0Y9wu01FRpgAAAAU"]
[Sat May 31 11:36:29.670911 2025] [:error] [pid 3535581] [client 93.123.109.101:58130] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDrNncDOx7Z0Y9wu01FRpgAAAAU"]
[Sat May 31 11:36:29.671078 2025] [:error] [pid 3535581] [client 93.123.109.101:58130] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDrNncDOx7Z0Y9wu01FRpgAAAAU"]
[Sat May 31 11:36:29.921921 2025] [:error] [pid 3535554] [client 93.123.109.101:58146] [client 93.123.109.101] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDrNneXCl39lWlOoO04fiAAAAAQ"]
[Sat May 31 11:36:29.922165 2025] [:error] [pid 3535554] [client 93.123.109.101:58146] [client 93.123.109.101] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDrNneXCl39lWlOoO04fiAAAAAQ"]
[Sat May 31 11:36:29.922365 2025] [:error] [pid 3535554] [client 93.123.109.101:58146] [client 93.123.109.101] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aDrNneXCl39lWlOoO04fiAAAAAQ"]
[Sat May 31 23:23:44.335187 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMAAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:44.335545 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMAAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:44.335725 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMAAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:44.666318 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMQAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:44.666590 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMQAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:44.666768 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aDtzYE_7v63ITAiL1uihMQAAAAM"], referer: http://pms.test.indacotrentino.com/.env
[Sat May 31 23:23:45.098118 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.099229 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.099456 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.429693 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.429962 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.430141 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aDtzYU_7v63ITAiL1uihMwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dist
[Sat May 31 23:23:45.861916 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYU_7v63ITAiL1uihNAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:45.862132 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYU_7v63ITAiL1uihNAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:45.862461 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYU_7v63ITAiL1uihNAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:45.862662 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYU_7v63ITAiL1uihNAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:46.193407 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYk_7v63ITAiL1uihNQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:46.193608 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYk_7v63ITAiL1uihNQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:46.193862 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYk_7v63ITAiL1uihNQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:46.194045 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aDtzYk_7v63ITAiL1uihNQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat May 31 23:23:46.625983 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzYk_7v63ITAiL1uihNgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:46.626273 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzYk_7v63ITAiL1uihNgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:46.626470 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzYk_7v63ITAiL1uihNgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:47.074769 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzY0_7v63ITAiL1uihNwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:47.075042 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzY0_7v63ITAiL1uihNwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:47.075237 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aDtzY0_7v63ITAiL1uihNwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.dev.local
[Sat May 31 23:23:47.507984 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:47.508301 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:47.508489 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:47.838940 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:47.839224 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:47.839420 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aDtzY0_7v63ITAiL1uihOQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development.local
[Sat May 31 23:23:48.271382 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:48.271698 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:48.271875 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:48.602268 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:48.602554 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:48.602737 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aDtzZE_7v63ITAiL1uihOwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod.local
[Sat May 31 23:23:49.033551 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.033816 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.034016 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.364534 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.364844 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.365032 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aDtzZU_7v63ITAiL1uihPQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production.local
[Sat May 31 23:23:49.797631 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZU_7v63ITAiL1uihPgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:49.797905 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZU_7v63ITAiL1uihPgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:49.798098 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZU_7v63ITAiL1uihPgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:50.128741 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZk_7v63ITAiL1uihPwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:50.129756 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZk_7v63ITAiL1uihPwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:50.129989 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aDtzZk_7v63ITAiL1uihPwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.local
[Sat May 31 23:23:50.563138 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:50.563491 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:50.563746 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:50.894907 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:50.895216 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:50.895410 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aDtzZk_7v63ITAiL1uihQQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.example
[Sat May 31 23:23:51.328840 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:51.329132 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:51.329320 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:51.659935 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:51.660218 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:51.660415 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aDtzZ0_7v63ITAiL1uihQwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.stage
[Sat May 31 23:23:52.092106 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.092417 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.092616 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.423259 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.423531 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.423710 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aDtzaE_7v63ITAiL1uihRQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.live
[Sat May 31 23:23:52.856084 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaE_7v63ITAiL1uihRgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:52.856349 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaE_7v63ITAiL1uihRgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:52.856638 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaE_7v63ITAiL1uihRgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:53.187359 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaU_7v63ITAiL1uihRwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:53.187778 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaU_7v63ITAiL1uihRwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:53.188006 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aDtzaU_7v63ITAiL1uihRwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.test
[Sat May 31 23:23:53.619725 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:53.619996 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:53.620216 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:53.950548 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:53.950812 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:53.951011 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aDtzaU_7v63ITAiL1uihSQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.staging
[Sat May 31 23:23:54.383305 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.383506 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.383753 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.383925 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.714400 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.714599 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.714885 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:54.715069 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aDtzak_7v63ITAiL1uihSwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.backup
[Sat May 31 23:23:55.146942 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.147760 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.147963 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.479090 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.479365 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.479538 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aDtza0_7v63ITAiL1uihTQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.production
[Sat May 31 23:23:55.911575 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtza0_7v63ITAiL1uihTgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:55.911855 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtza0_7v63ITAiL1uihTgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:55.912042 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtza0_7v63ITAiL1uihTgAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:56.242509 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtzbE_7v63ITAiL1uihTwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:56.242787 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtzbE_7v63ITAiL1uihTwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:56.242968 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aDtzbE_7v63ITAiL1uihTwAAAAM"], referer: http://pms.test.indacotrentino.com/.env.development
[Sat May 31 23:23:56.674703 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbE_7v63ITAiL1uihUAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:56.674999 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbE_7v63ITAiL1uihUAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:56.675188 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbE_7v63ITAiL1uihUAAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:57.006063 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbU_7v63ITAiL1uihUQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:57.006374 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbU_7v63ITAiL1uihUQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:57.006550 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aDtzbU_7v63ITAiL1uihUQAAAAM"], referer: http://pms.test.indacotrentino.com/.env.prod
[Sat May 31 23:23:59.728428 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzb0_7v63ITAiL1uihWAAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:23:59.728719 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzb0_7v63ITAiL1uihWAAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:23:59.728909 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzb0_7v63ITAiL1uihWAAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:24:00.059780 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzcE_7v63ITAiL1uihWQAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:24:00.060076 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzcE_7v63ITAiL1uihWQAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:24:00.060278 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aDtzcE_7v63ITAiL1uihWQAAAAM"], referer: http://pms.test.indacotrentino.com/database.yml
[Sat May 31 23:24:05.078665 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZgAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:05.079139 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZgAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:05.079326 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZgAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:05.410484 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZwAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:05.410901 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZwAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:05.411096 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.config"] [unique_id "aDtzdU_7v63ITAiL1uihZwAAAAM"], referer: http://pms.test.indacotrentino.com/db.config
[Sat May 31 23:24:08.134838 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.135111 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.135310 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.466150 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.466484 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.466669 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aDtzeE_7v63ITAiL1uihbwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat May 31 23:24:08.897860 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeE_7v63ITAiL1uihcAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:08.898140 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeE_7v63ITAiL1uihcAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:08.898359 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeE_7v63ITAiL1uihcAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:09.229078 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeU_7v63ITAiL1uihcQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:09.229364 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeU_7v63ITAiL1uihcQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:09.229553 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aDtzeU_7v63ITAiL1uihcQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/config
[Sat May 31 23:24:09.661820 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:09.662090 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:09.662336 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:09.993444 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:09.993729 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:09.993910 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.json"] [unique_id "aDtzeU_7v63ITAiL1uihcwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.json
[Sat May 31 23:24:10.426226 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:10.426741 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:10.427070 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdAAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:10.757514 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:10.757796 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:10.758021 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yml"] [unique_id "aDtzek_7v63ITAiL1uihdQAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yml
[Sat May 31 23:24:11.189666 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:11.189945 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:11.190141 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdgAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:11.520189 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:11.520473 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:11.521324 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.yaml"] [unique_id "aDtze0_7v63ITAiL1uihdwAAAAM"], referer: http://pms.test.indacotrentino.com/.aws/credentials.yaml
[Sat May 31 23:24:16.532299 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhAAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:16.532616 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhAAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:16.532808 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhAAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:16.863291 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhQAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:16.863557 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhQAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:16.863743 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aDtzgE_7v63ITAiL1uihhQAAAAM"], referer: http://pms.test.indacotrentino.com/.docker/config.json
[Sat May 31 23:24:17.296013 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhgAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:17.296312 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhgAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:17.296531 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhgAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:17.627114 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhwAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:17.627394 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhwAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:17.627583 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aDtzgU_7v63ITAiL1uihhwAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat May 31 23:24:21.880172 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhU_7v63ITAiL1uihkgAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:21.880445 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhU_7v63ITAiL1uihkgAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:21.880644 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhU_7v63ITAiL1uihkgAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:22.211173 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhk_7v63ITAiL1uihkwAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:22.211447 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhk_7v63ITAiL1uihkwAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:22.211633 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aDtzhk_7v63ITAiL1uihkwAAAAM"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat May 31 23:24:22.644042 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzhk_7v63ITAiL1uihlAAAAAM"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:22.644331 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzhk_7v63ITAiL1uihlAAAAAM"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:22.644540 2025] [:error] [pid 3535553] [client 165.1.71.166:36230] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzhk_7v63ITAiL1uihlAAAAAM"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:23.477930 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzh15-AmCHt6p1SURrkwAAAAc"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:23.478211 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzh15-AmCHt6p1SURrkwAAAAc"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:23.478409 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aDtzh15-AmCHt6p1SURrkwAAAAc"], referer: http://pms.test.indacotrentino.com/package.json
[Sat May 31 23:24:23.909565 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtzh15-AmCHt6p1SURrlAAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:23.909836 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtzh15-AmCHt6p1SURrlAAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:23.910039 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtzh15-AmCHt6p1SURrlAAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:24.240949 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtziF5-AmCHt6p1SURrlQAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:24.241214 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtziF5-AmCHt6p1SURrlQAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:24.241393 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aDtziF5-AmCHt6p1SURrlQAAAAc"], referer: http://pms.test.indacotrentino.com/.travis.yml
[Sat May 31 23:24:25.437578 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmAAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:25.437856 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmAAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:25.438027 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmAAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:25.768569 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmQAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:25.768844 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmQAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:25.769048 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aDtziV5-AmCHt6p1SURrmQAAAAc"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat May 31 23:24:26.201103 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmgAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:24:26.201417 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmgAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:24:26.201618 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmgAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:24:26.534126 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmwAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:24:26.534435 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmwAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:24:26.534956 2025] [:error] [pid 3545952] [client 165.1.71.166:59254] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aDtzil5-AmCHt6p1SURrmwAAAAc"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat May 31 23:25:10.531192 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3QAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:10.531475 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3QAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:10.531657 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3QAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:10.859130 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3gAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:10.859424 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3gAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:10.859629 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aDtztoEq4lJoMFaf2sMJ3gAAAAg"], referer: http://pms.test.indacotrentino.com/webpack.config.js
[Sat May 31 23:25:14.320878 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ5wAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:14.321221 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ5wAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:14.321431 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ5wAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:14.649218 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ6AAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:14.649498 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ6AAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:14.649677 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDtzuoEq4lJoMFaf2sMJ6AAAAAg"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat May 31 23:25:15.077666 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6QAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat May 31 23:25:15.077931 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6QAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat May 31 23:25:15.078137 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6QAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat May 31 23:25:15.405663 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6gAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat May 31 23:25:15.405954 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6gAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat May 31 23:25:15.406175 2025] [:error] [pid 3536285] [client 165.1.71.166:41490] [client 165.1.71.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aDtzu4Eq4lJoMFaf2sMJ6gAAAAg"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sun Jun 01 00:24:30.304872 2025] [:error] [pid 3554516] [client 54.226.216.238:57668] [client 54.226.216.238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDuBnniftC5RKXzC4YDbRQAAAAg"]
[Sun Jun 01 00:24:30.305163 2025] [:error] [pid 3554516] [client 54.226.216.238:57668] [client 54.226.216.238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDuBnniftC5RKXzC4YDbRQAAAAg"]
[Sun Jun 01 00:24:30.305352 2025] [:error] [pid 3554516] [client 54.226.216.238:57668] [client 54.226.216.238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDuBnniftC5RKXzC4YDbRQAAAAg"]
[Sun Jun 01 16:11:19.187795 2025] [:error] [pid 3562263] [client 93.123.109.105:35352] [client 93.123.109.105] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDxfh_EY37t3P06h095yJgAAAAk"]
[Sun Jun 01 16:11:19.188090 2025] [:error] [pid 3562263] [client 93.123.109.105:35352] [client 93.123.109.105] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDxfh_EY37t3P06h095yJgAAAAk"]
[Sun Jun 01 16:11:19.188260 2025] [:error] [pid 3562263] [client 93.123.109.105:35352] [client 93.123.109.105] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDxfh_EY37t3P06h095yJgAAAAk"]
[Sun Jun 01 22:00:10.915441 2025] [:error] [pid 3558349] [client 3.81.53.186:49144] [client 3.81.53.186] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDyxStXprnawRx3sH6EpKQAAAAA"]
[Sun Jun 01 22:00:10.915716 2025] [:error] [pid 3558349] [client 3.81.53.186:49144] [client 3.81.53.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDyxStXprnawRx3sH6EpKQAAAAA"]
[Sun Jun 01 22:00:10.915888 2025] [:error] [pid 3558349] [client 3.81.53.186:49144] [client 3.81.53.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aDyxStXprnawRx3sH6EpKQAAAAA"]
[Tue Jun 03 12:36:43.725658 2025] [:error] [pid 3601618] [client 185.177.72.179:53120] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aD7QO75N9fR7D5OgFojLxgAAAAA"]
[Tue Jun 03 12:36:43.727914 2025] [:error] [pid 3601618] [client 185.177.72.179:53120] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aD7QO75N9fR7D5OgFojLxgAAAAA"]
[Tue Jun 03 12:36:43.728134 2025] [:error] [pid 3601618] [client 185.177.72.179:53120] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aD7QO75N9fR7D5OgFojLxgAAAAA"]
[Wed Jun 04 14:56:47.324375 2025] [:error] [pid 3627655] [client 216.81.248.85:64688] [client 216.81.248.85] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEBCj5emqUukgfb-8DoGOwAAAA4"]
[Wed Jun 04 14:56:47.324655 2025] [:error] [pid 3627655] [client 216.81.248.85:64688] [client 216.81.248.85] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEBCj5emqUukgfb-8DoGOwAAAA4"]
[Wed Jun 04 14:56:47.324833 2025] [:error] [pid 3627655] [client 216.81.248.85:64688] [client 216.81.248.85] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEBCj5emqUukgfb-8DoGOwAAAA4"]
[Sun Jun 08 02:25:53.821879 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYkbUz9CVwWtZ9cYd_rgAAAAI"]
[Sun Jun 08 02:25:53.823569 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYkbUz9CVwWtZ9cYd_rgAAAAI"]
[Sun Jun 08 02:25:53.823635 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYkbUz9CVwWtZ9cYd_rgAAAAI"]
[Sun Jun 08 02:25:53.824359 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYkbUz9CVwWtZ9cYd_rgAAAAI"]
[Sun Jun 08 02:25:53.824560 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aETYkbUz9CVwWtZ9cYd_rgAAAAI"]
[Sun Jun 08 02:25:59.055982 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.056085 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat%20../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.056152 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1;cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.056206 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /cacti/cmd_realtime.php?action=polldata&host_id=1&local_data_id=1 cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.056385 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]* ..." at ARGS:local_data_id. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ;cat ../../../../../../../root/.aws/credentials found within ARGS:local_data_id: 1;cat ../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.057260 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:25:59.057496 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=5,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 25, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cacti/cmd_realtime.php"] [unique_id "aETYl7Uz9CVwWtZ9cYd_sgAAAAI"]
[Sun Jun 08 02:26:00.467351 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYmLUz9CVwWtZ9cYd_swAAAAI"]
[Sun Jun 08 02:26:00.467580 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYmLUz9CVwWtZ9cYd_swAAAAI"]
[Sun Jun 08 02:26:00.467800 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYmLUz9CVwWtZ9cYd_swAAAAI"]
[Sun Jun 08 02:26:01.638618 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmbUz9CVwWtZ9cYd_tAAAAAI"]
[Sun Jun 08 02:26:01.638689 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=mediaList&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmbUz9CVwWtZ9cYd_tAAAAAI"]
[Sun Jun 08 02:26:01.638737 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?option=com_media&view=medialist&tmpl=component&fieldid=filename&folder=../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmbUz9CVwWtZ9cYd_tAAAAAI"]
[Sun Jun 08 02:26:01.639975 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmbUz9CVwWtZ9cYd_tAAAAAI"]
[Sun Jun 08 02:26:01.640176 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmbUz9CVwWtZ9cYd_tAAAAAI"]
[Sun Jun 08 02:26:02.801230 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmrUz9CVwWtZ9cYd_tQAAAAI"]
[Sun Jun 08 02:26:02.801297 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmrUz9CVwWtZ9cYd_tQAAAAI"]
[Sun Jun 08 02:26:02.801332 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php?file=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmrUz9CVwWtZ9cYd_tQAAAAI"]
[Sun Jun 08 02:26:02.801826 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmrUz9CVwWtZ9cYd_tQAAAAI"]
[Sun Jun 08 02:26:02.802038 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php"] [unique_id "aETYmrUz9CVwWtZ9cYd_tQAAAAI"]
[Sun Jun 08 02:26:04.695732 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYnLUz9CVwWtZ9cYd_twAAAAI"]
[Sun Jun 08 02:26:04.695813 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYnLUz9CVwWtZ9cYd_twAAAAI"]
[Sun Jun 08 02:26:04.695846 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /ajax_dashboard.php?widget=../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYnLUz9CVwWtZ9cYd_twAAAAI"]
[Sun Jun 08 02:26:04.696281 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYnLUz9CVwWtZ9cYd_twAAAAI"]
[Sun Jun 08 02:26:04.696467 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ajax_dashboard.php"] [unique_id "aETYnLUz9CVwWtZ9cYd_twAAAAI"]
[Sun Jun 08 02:26:05.718011 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYnbUz9CVwWtZ9cYd_uAAAAAI"]
[Sun Jun 08 02:26:05.718075 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYnbUz9CVwWtZ9cYd_uAAAAAI"]
[Sun Jun 08 02:26:05.718113 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /remote/fgt_lang?lang=/../../../../../../../../root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYnbUz9CVwWtZ9cYd_uAAAAAI"]
[Sun Jun 08 02:26:05.719802 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYnbUz9CVwWtZ9cYd_uAAAAAI"]
[Sun Jun 08 02:26:05.720037 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/remote/fgt_lang"] [unique_id "aETYnbUz9CVwWtZ9cYd_uAAAAAI"]
[Sun Jun 08 02:26:06.913060 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYnrUz9CVwWtZ9cYd_uQAAAAI"]
[Sun Jun 08 02:26:06.913271 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYnrUz9CVwWtZ9cYd_uQAAAAI"]
[Sun Jun 08 02:26:06.913466 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYnrUz9CVwWtZ9cYd_uQAAAAI"]
[Sun Jun 08 02:26:08.062104 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /mgmt/shared/authn/login/root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYoLUz9CVwWtZ9cYd_ugAAAAI"]
[Sun Jun 08 02:26:08.062380 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYoLUz9CVwWtZ9cYd_ugAAAAI"]
[Sun Jun 08 02:26:08.062581 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mgmt/shared/authn/login/~../~../~../~../root/.aws/credentials"] [unique_id "aETYoLUz9CVwWtZ9cYd_ugAAAAI"]
[Sun Jun 08 02:26:09.277669 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYobUz9CVwWtZ9cYd_uwAAAAI"]
[Sun Jun 08 02:26:09.277880 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYobUz9CVwWtZ9cYd_uwAAAAI"]
[Sun Jun 08 02:26:09.278172 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aETYobUz9CVwWtZ9cYd_uwAAAAI"]
[Sun Jun 08 02:26:10.216142 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYorUz9CVwWtZ9cYd_vAAAAAI"]
[Sun Jun 08 02:26:10.216222 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYorUz9CVwWtZ9cYd_vAAAAAI"]
[Sun Jun 08 02:26:10.216264 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /index.php/core/preview?file=../../../../../../../../root/.aws/credentials&x=100&y=100"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYorUz9CVwWtZ9cYd_vAAAAAI"]
[Sun Jun 08 02:26:10.216864 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYorUz9CVwWtZ9cYd_vAAAAAI"]
[Sun Jun 08 02:26:10.217068 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/index.php/core/preview"] [unique_id "aETYorUz9CVwWtZ9cYd_vAAAAAI"]
[Sun Jun 08 02:26:11.061880 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vQAAAAI"]
[Sun Jun 08 02:26:11.062082 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vQAAAAI"]
[Sun Jun 08 02:26:11.062315 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vQAAAAI"]
[Sun Jun 08 02:26:11.870815 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vgAAAAI"]
[Sun Jun 08 02:26:11.871073 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vgAAAAI"]
[Sun Jun 08 02:26:11.871261 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aETYo7Uz9CVwWtZ9cYd_vgAAAAI"]
[Sun Jun 08 02:26:12.560604 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYpLUz9CVwWtZ9cYd_vwAAAAI"]
[Sun Jun 08 02:26:12.560832 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYpLUz9CVwWtZ9cYd_vwAAAAI"]
[Sun Jun 08 02:26:12.561009 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aETYpLUz9CVwWtZ9cYd_vwAAAAI"]
[Sun Jun 08 02:26:14.032942 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYprUz9CVwWtZ9cYd_wQAAAAI"]
[Sun Jun 08 02:26:14.033168 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYprUz9CVwWtZ9cYd_wQAAAAI"]
[Sun Jun 08 02:26:14.033391 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aETYprUz9CVwWtZ9cYd_wQAAAAI"]
[Sun Jun 08 02:26:15.068745 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYp7Uz9CVwWtZ9cYd_wgAAAAI"]
[Sun Jun 08 02:26:15.068959 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYp7Uz9CVwWtZ9cYd_wgAAAAI"]
[Sun Jun 08 02:26:15.069134 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aETYp7Uz9CVwWtZ9cYd_wgAAAAI"]
[Sun Jun 08 02:26:16.268138 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYqLUz9CVwWtZ9cYd_wwAAAAI"]
[Sun Jun 08 02:26:16.268338 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYqLUz9CVwWtZ9cYd_wwAAAAI"]
[Sun Jun 08 02:26:16.268508 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aETYqLUz9CVwWtZ9cYd_wwAAAAI"]
[Sun Jun 08 02:26:17.614317 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYqbUz9CVwWtZ9cYd_xAAAAAI"]
[Sun Jun 08 02:26:17.614533 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYqbUz9CVwWtZ9cYd_xAAAAAI"]
[Sun Jun 08 02:26:17.614713 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aETYqbUz9CVwWtZ9cYd_xAAAAAI"]
[Sun Jun 08 02:26:19.154287 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYq7Uz9CVwWtZ9cYd_xQAAAAI"]
[Sun Jun 08 02:26:19.154507 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYq7Uz9CVwWtZ9cYd_xQAAAAI"]
[Sun Jun 08 02:26:19.154695 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aETYq7Uz9CVwWtZ9cYd_xQAAAAI"]
[Sun Jun 08 02:26:21.756917 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYrbUz9CVwWtZ9cYd_xwAAAAI"]
[Sun Jun 08 02:26:21.757103 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYrbUz9CVwWtZ9cYd_xwAAAAI"]
[Sun Jun 08 02:26:21.757268 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aETYrbUz9CVwWtZ9cYd_xwAAAAI"]
[Sun Jun 08 02:26:22.778975 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYrrUz9CVwWtZ9cYd_yAAAAAI"]
[Sun Jun 08 02:26:22.779199 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYrrUz9CVwWtZ9cYd_yAAAAAI"]
[Sun Jun 08 02:26:22.779398 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aETYrrUz9CVwWtZ9cYd_yAAAAAI"]
[Sun Jun 08 02:26:23.890571 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYr7Uz9CVwWtZ9cYd_yQAAAAI"]
[Sun Jun 08 02:26:23.890784 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYr7Uz9CVwWtZ9cYd_yQAAAAI"]
[Sun Jun 08 02:26:23.891006 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aETYr7Uz9CVwWtZ9cYd_yQAAAAI"]
[Sun Jun 08 02:26:25.175617 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYsbUz9CVwWtZ9cYd_ygAAAAI"]
[Sun Jun 08 02:26:25.175846 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYsbUz9CVwWtZ9cYd_ygAAAAI"]
[Sun Jun 08 02:26:25.176046 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aETYsbUz9CVwWtZ9cYd_ygAAAAI"]
[Sun Jun 08 02:26:26.611516 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYsrUz9CVwWtZ9cYd_ywAAAAI"]
[Sun Jun 08 02:26:26.611743 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYsrUz9CVwWtZ9cYd_ywAAAAI"]
[Sun Jun 08 02:26:26.611963 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aETYsrUz9CVwWtZ9cYd_ywAAAAI"]
[Sun Jun 08 02:26:28.223262 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYtLUz9CVwWtZ9cYd_zAAAAAI"]
[Sun Jun 08 02:26:28.223446 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYtLUz9CVwWtZ9cYd_zAAAAAI"]
[Sun Jun 08 02:26:28.223647 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aETYtLUz9CVwWtZ9cYd_zAAAAAI"]
[Sun Jun 08 02:26:29.436169 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYtbUz9CVwWtZ9cYd_zQAAAAI"]
[Sun Jun 08 02:26:29.436391 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYtbUz9CVwWtZ9cYd_zQAAAAI"]
[Sun Jun 08 02:26:29.436627 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aETYtbUz9CVwWtZ9cYd_zQAAAAI"]
[Sun Jun 08 02:26:30.519357 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /home/user/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYtrUz9CVwWtZ9cYd_zgAAAAI"]
[Sun Jun 08 02:26:30.519562 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYtrUz9CVwWtZ9cYd_zgAAAAI"]
[Sun Jun 08 02:26:30.519803 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/user/.aws/credentials"] [unique_id "aETYtrUz9CVwWtZ9cYd_zgAAAAI"]
[Sun Jun 08 02:26:35.187731 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYu7Uz9CVwWtZ9cYd_zwAAAAI"]
[Sun Jun 08 02:26:35.187946 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYu7Uz9CVwWtZ9cYd_zwAAAAI"]
[Sun Jun 08 02:26:35.188131 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aETYu7Uz9CVwWtZ9cYd_zwAAAAI"]
[Sun Jun 08 02:26:37.091491 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYvbUz9CVwWtZ9cYd_0AAAAAI"]
[Sun Jun 08 02:26:37.091712 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYvbUz9CVwWtZ9cYd_0AAAAAI"]
[Sun Jun 08 02:26:37.091919 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aETYvbUz9CVwWtZ9cYd_0AAAAAI"]
[Sun Jun 08 02:26:37.936261 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYvbUz9CVwWtZ9cYd_0QAAAAI"]
[Sun Jun 08 02:26:37.936472 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYvbUz9CVwWtZ9cYd_0QAAAAI"]
[Sun Jun 08 02:26:37.936702 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aETYvbUz9CVwWtZ9cYd_0QAAAAI"]
[Sun Jun 08 02:26:38.794504 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYvrUz9CVwWtZ9cYd_0gAAAAI"]
[Sun Jun 08 02:26:38.794701 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYvrUz9CVwWtZ9cYd_0gAAAAI"]
[Sun Jun 08 02:26:38.794870 2025] [:error] [pid 3709499] [client 107.150.0.115:55954] [client 107.150.0.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aETYvrUz9CVwWtZ9cYd_0gAAAAI"]
[Mon Jun 09 06:20:04.264503 2025] [:error] [pid 3732064] [client 13.39.163.23:60300] [client 13.39.163.23] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEZg9E8z_ZDku17AIsDn1wAAAAc"]
[Mon Jun 09 06:20:04.264751 2025] [:error] [pid 3732064] [client 13.39.163.23:60300] [client 13.39.163.23] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEZg9E8z_ZDku17AIsDn1wAAAAc"]
[Mon Jun 09 06:20:04.264913 2025] [:error] [pid 3732064] [client 13.39.163.23:60300] [client 13.39.163.23] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aEZg9E8z_ZDku17AIsDn1wAAAAc"]
[Mon Jun 09 08:08:04.163861 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEZ6RPapOuZKkaf2c_kwiAAAAAk"]
[Mon Jun 09 08:08:04.164144 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEZ6RPapOuZKkaf2c_kwiAAAAAk"]
[Mon Jun 09 08:08:04.164324 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEZ6RPapOuZKkaf2c_kwiAAAAAk"]
[Mon Jun 09 08:08:04.222709 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwigAAAAk"]
[Mon Jun 09 08:08:04.222948 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwigAAAAk"]
[Mon Jun 09 08:08:04.223111 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwigAAAAk"]
[Mon Jun 09 08:08:04.251761 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEZ6RPapOuZKkaf2c_kwiwAAAAk"]
[Mon Jun 09 08:08:04.251915 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEZ6RPapOuZKkaf2c_kwiwAAAAk"]
[Mon Jun 09 08:08:04.252146 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEZ6RPapOuZKkaf2c_kwiwAAAAk"]
[Mon Jun 09 08:08:04.252348 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEZ6RPapOuZKkaf2c_kwiwAAAAk"]
[Mon Jun 09 08:08:04.281101 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEZ6RPapOuZKkaf2c_kwjAAAAAk"]
[Mon Jun 09 08:08:04.281337 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEZ6RPapOuZKkaf2c_kwjAAAAAk"]
[Mon Jun 09 08:08:04.281529 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEZ6RPapOuZKkaf2c_kwjAAAAAk"]
[Mon Jun 09 08:08:04.310337 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEZ6RPapOuZKkaf2c_kwjQAAAAk"]
[Mon Jun 09 08:08:04.310601 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEZ6RPapOuZKkaf2c_kwjQAAAAk"]
[Mon Jun 09 08:08:04.310809 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEZ6RPapOuZKkaf2c_kwjQAAAAk"]
[Mon Jun 09 08:08:04.339453 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEZ6RPapOuZKkaf2c_kwjgAAAAk"]
[Mon Jun 09 08:08:04.339612 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEZ6RPapOuZKkaf2c_kwjgAAAAk"]
[Mon Jun 09 08:08:04.339853 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEZ6RPapOuZKkaf2c_kwjgAAAAk"]
[Mon Jun 09 08:08:04.340034 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEZ6RPapOuZKkaf2c_kwjgAAAAk"]
[Mon Jun 09 08:08:04.368692 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEZ6RPapOuZKkaf2c_kwjwAAAAk"]
[Mon Jun 09 08:08:04.368934 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEZ6RPapOuZKkaf2c_kwjwAAAAk"]
[Mon Jun 09 08:08:04.369114 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEZ6RPapOuZKkaf2c_kwjwAAAAk"]
[Mon Jun 09 08:08:04.458662 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwkgAAAAk"]
[Mon Jun 09 08:08:04.458925 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwkgAAAAk"]
[Mon Jun 09 08:08:04.459132 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwkgAAAAk"]
[Mon Jun 09 08:08:04.755336 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwnAAAAAk"]
[Mon Jun 09 08:08:04.755544 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwnAAAAAk"]
[Mon Jun 09 08:08:04.755698 2025] [:error] [pid 3732066] [client 185.177.72.106:43210] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEZ6RPapOuZKkaf2c_kwnAAAAAk"]
[Tue Jun 10 23:57:51.218327 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEiqX2upws6pHiRAP8PmLgAAAAk"]
[Tue Jun 10 23:57:51.219579 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEiqX2upws6pHiRAP8PmLgAAAAk"]
[Tue Jun 10 23:57:51.219776 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEiqX2upws6pHiRAP8PmLgAAAAk"]
[Tue Jun 10 23:57:51.813272 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEiqX2upws6pHiRAP8PmMAAAAAk"]
[Tue Jun 10 23:57:51.813523 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEiqX2upws6pHiRAP8PmMAAAAAk"]
[Tue Jun 10 23:57:51.813727 2025] [:error] [pid 3758035] [client 185.177.72.144:8302] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEiqX2upws6pHiRAP8PmMAAAAAk"]
[Fri Jun 13 03:48:36.567009 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEuDdKRO9RNT700HdUhz_AAAAAs"]
[Fri Jun 13 03:48:36.568564 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEuDdKRO9RNT700HdUhz_AAAAAs"]
[Fri Jun 13 03:48:36.568743 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aEuDdKRO9RNT700HdUhz_AAAAAs"]
[Fri Jun 13 03:48:36.611114 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEuDdKRO9RNT700HdUhz_gAAAAs"]
[Fri Jun 13 03:48:36.611341 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEuDdKRO9RNT700HdUhz_gAAAAs"]
[Fri Jun 13 03:48:36.611506 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEuDdKRO9RNT700HdUhz_gAAAAs"]
[Fri Jun 13 03:48:36.632706 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEuDdKRO9RNT700HdUhz_wAAAAs"]
[Fri Jun 13 03:48:36.632849 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEuDdKRO9RNT700HdUhz_wAAAAs"]
[Fri Jun 13 03:48:36.633057 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEuDdKRO9RNT700HdUhz_wAAAAs"]
[Fri Jun 13 03:48:36.633208 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aEuDdKRO9RNT700HdUhz_wAAAAs"]
[Fri Jun 13 03:48:36.653296 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEuDdKRO9RNT700HdUh0AAAAAAs"]
[Fri Jun 13 03:48:36.653510 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEuDdKRO9RNT700HdUh0AAAAAAs"]
[Fri Jun 13 03:48:36.653656 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aEuDdKRO9RNT700HdUh0AAAAAAs"]
[Fri Jun 13 03:48:36.673666 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEuDdKRO9RNT700HdUh0AQAAAAs"]
[Fri Jun 13 03:48:36.673876 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEuDdKRO9RNT700HdUh0AQAAAAs"]
[Fri Jun 13 03:48:36.674023 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aEuDdKRO9RNT700HdUh0AQAAAAs"]
[Fri Jun 13 03:48:36.693915 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEuDdKRO9RNT700HdUh0AgAAAAs"]
[Fri Jun 13 03:48:36.694059 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEuDdKRO9RNT700HdUh0AgAAAAs"]
[Fri Jun 13 03:48:36.694285 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEuDdKRO9RNT700HdUh0AgAAAAs"]
[Fri Jun 13 03:48:36.694439 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aEuDdKRO9RNT700HdUh0AgAAAAs"]
[Fri Jun 13 03:48:36.714383 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEuDdKRO9RNT700HdUh0AwAAAAs"]
[Fri Jun 13 03:48:36.714588 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEuDdKRO9RNT700HdUh0AwAAAAs"]
[Fri Jun 13 03:48:36.714750 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aEuDdKRO9RNT700HdUh0AwAAAAs"]
[Fri Jun 13 03:48:36.778084 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEuDdKRO9RNT700HdUh0BgAAAAs"]
[Fri Jun 13 03:48:36.778347 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEuDdKRO9RNT700HdUh0BgAAAAs"]
[Fri Jun 13 03:48:36.778527 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aEuDdKRO9RNT700HdUh0BgAAAAs"]
[Fri Jun 13 03:48:37.002398 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEuDdaRO9RNT700HdUh0EAAAAAs"]
[Fri Jun 13 03:48:37.002629 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEuDdaRO9RNT700HdUh0EAAAAAs"]
[Fri Jun 13 03:48:37.002787 2025] [:error] [pid 3821261] [client 185.177.72.210:38906] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aEuDdaRO9RNT700HdUh0EAAAAAs"]
[Fri Jun 13 13:03:47.715239 2025] [:error] [pid 3821262] [client 196.251.83.232:44984] [client 196.251.83.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwFk-gR93g3zLnCzAYV1AAAAAw"]
[Fri Jun 13 13:03:47.715692 2025] [:error] [pid 3821262] [client 196.251.83.232:44984] [client 196.251.83.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwFk-gR93g3zLnCzAYV1AAAAAw"]
[Fri Jun 13 13:03:47.715905 2025] [:error] [pid 3821262] [client 196.251.83.232:44984] [client 196.251.83.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEwFk-gR93g3zLnCzAYV1AAAAAw"]
[Fri Jun 13 23:54:05.703812 2025] [:error] [pid 3821261] [client 196.251.83.232:57902] [client 196.251.83.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEyd_aRO9RNT700HdUh0UgAAAAs"]
[Fri Jun 13 23:54:05.705059 2025] [:error] [pid 3821261] [client 196.251.83.232:57902] [client 196.251.83.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEyd_aRO9RNT700HdUh0UgAAAAs"]
[Fri Jun 13 23:54:05.705262 2025] [:error] [pid 3821261] [client 196.251.83.232:57902] [client 196.251.83.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aEyd_aRO9RNT700HdUh0UgAAAAs"]
[Tue Jun 17 12:54:13.546707 2025] [:error] [pid 3908140] [client 77.234.44.186:16614] [client 77.234.44.186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFFJVTtYDhvm_gvpEQAuXwAAAAY"]
[Tue Jun 17 12:54:13.547905 2025] [:error] [pid 3908140] [client 77.234.44.186:16614] [client 77.234.44.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFFJVTtYDhvm_gvpEQAuXwAAAAY"]
[Tue Jun 17 12:54:13.548089 2025] [:error] [pid 3908140] [client 77.234.44.186:16614] [client 77.234.44.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aFFJVTtYDhvm_gvpEQAuXwAAAAY"]
[Tue Jun 17 12:54:42.657241 2025] [:error] [pid 3908099] [client 77.234.44.186:16699] [client 77.234.44.186] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFFJchbycCdpHdwniILGmAAAAAI"]
[Tue Jun 17 12:54:42.657502 2025] [:error] [pid 3908099] [client 77.234.44.186:16699] [client 77.234.44.186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFFJchbycCdpHdwniILGmAAAAAI"]
[Tue Jun 17 12:54:42.657663 2025] [:error] [pid 3908099] [client 77.234.44.186:16699] [client 77.234.44.186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aFFJchbycCdpHdwniILGmAAAAAI"]
[Fri Jun 27 00:09:49.968585 2025] [:error] [pid 1688889] [client 34.145.215.42:42036] [client 34.145.215.42] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aF3FLUoOp-P2UH3Ag8mCGgAAAAA"]
[Fri Jun 27 00:09:49.998955 2025] [:error] [pid 1688889] [client 34.145.215.42:42036] [client 34.145.215.42] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aF3FLUoOp-P2UH3Ag8mCGgAAAAA"]
[Fri Jun 27 00:09:49.999194 2025] [:error] [pid 1688889] [client 34.145.215.42:42036] [client 34.145.215.42] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aF3FLUoOp-P2UH3Ag8mCGgAAAAA"]
[Sat Jun 28 22:40:21.682758 2025] [authz_core:error] [pid 2859301] [client 159.89.12.166:49806] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sat Jun 28 22:40:21.838737 2025] [:error] [pid 2859303] [client 159.89.12.166:49840] [client 159.89.12.166] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGBTNdQM1WyjkQnpCLxK_AAAAAY"]
[Sat Jun 28 22:40:21.838948 2025] [:error] [pid 2859303] [client 159.89.12.166:49840] [client 159.89.12.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGBTNdQM1WyjkQnpCLxK_AAAAAY"]
[Sat Jun 28 22:40:21.839108 2025] [:error] [pid 2859303] [client 159.89.12.166:49840] [client 159.89.12.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGBTNdQM1WyjkQnpCLxK_AAAAAY"]
[Sat Jun 28 22:40:21.889624 2025] [:error] [pid 2859303] [client 159.89.12.166:49846] [client 159.89.12.166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGBTNdQM1WyjkQnpCLxK_QAAAAY"]
[Sat Jun 28 22:40:21.889853 2025] [:error] [pid 2859303] [client 159.89.12.166:49846] [client 159.89.12.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGBTNdQM1WyjkQnpCLxK_QAAAAY"]
[Sat Jun 28 22:40:21.890010 2025] [:error] [pid 2859303] [client 159.89.12.166:49846] [client 159.89.12.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGBTNdQM1WyjkQnpCLxK_QAAAAY"]
[Sat Jun 28 22:40:21.940751 2025] [:error] [pid 2859304] [client 159.89.12.166:49848] [client 159.89.12.166] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGBTNV_BsO_XCV0AK5pt0AAAAAc"]
[Sat Jun 28 22:40:21.940967 2025] [:error] [pid 2859304] [client 159.89.12.166:49848] [client 159.89.12.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGBTNV_BsO_XCV0AK5pt0AAAAAc"]
[Sat Jun 28 22:40:21.941125 2025] [:error] [pid 2859304] [client 159.89.12.166:49848] [client 159.89.12.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGBTNV_BsO_XCV0AK5pt0AAAAAc"]
[Sun Jun 29 06:35:14.813702 2025] [:error] [pid 2968165] [client 213.232.87.230:14875] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGDCguU-dj-hWt1UAd7gOQAAAAU"]
[Sun Jun 29 06:35:14.813903 2025] [:error] [pid 2968165] [client 213.232.87.230:14875] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGDCguU-dj-hWt1UAd7gOQAAAAU"]
[Sun Jun 29 06:35:14.814068 2025] [:error] [pid 2968165] [client 213.232.87.230:14875] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGDCguU-dj-hWt1UAd7gOQAAAAU"]
[Sun Jun 29 06:35:14.815095 2025] [:error] [pid 2967920] [client 213.232.87.230:19139] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aGDCgq1XEc-sC3fb0P3MKQAAAAI"]
[Sun Jun 29 06:35:14.815358 2025] [:error] [pid 2967920] [client 213.232.87.230:19139] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aGDCgq1XEc-sC3fb0P3MKQAAAAI"]
[Sun Jun 29 06:35:14.815526 2025] [:error] [pid 2967920] [client 213.232.87.230:19139] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aGDCgq1XEc-sC3fb0P3MKQAAAAI"]
[Sun Jun 29 06:35:14.816358 2025] [:error] [pid 2967919] [client 213.232.87.230:63001] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGDCgntTxOj9v32ojom5mgAAAAE"]
[Sun Jun 29 06:35:14.816506 2025] [:error] [pid 2967919] [client 213.232.87.230:63001] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGDCgntTxOj9v32ojom5mgAAAAE"]
[Sun Jun 29 06:35:14.816673 2025] [:error] [pid 2967919] [client 213.232.87.230:63001] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGDCgntTxOj9v32ojom5mgAAAAE"]
[Sun Jun 29 06:35:14.818389 2025] [:error] [pid 2967918] [client 213.232.87.230:62577] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGDCgjOxdet7QOoqVXWV0gAAAAA"]
[Sun Jun 29 06:35:14.818538 2025] [:error] [pid 2967918] [client 213.232.87.230:62577] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGDCgjOxdet7QOoqVXWV0gAAAAA"]
[Sun Jun 29 06:35:14.818687 2025] [:error] [pid 2967918] [client 213.232.87.230:62577] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGDCgjOxdet7QOoqVXWV0gAAAAA"]
[Sun Jun 29 06:35:15.062190 2025] [:error] [pid 2967922] [client 213.232.87.230:44125] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aGDCg33T5w8Ph4-X-hFFjgAAAAQ"]
[Sun Jun 29 06:35:15.062419 2025] [:error] [pid 2967922] [client 213.232.87.230:44125] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aGDCg33T5w8Ph4-X-hFFjgAAAAQ"]
[Sun Jun 29 06:35:15.062608 2025] [:error] [pid 2967922] [client 213.232.87.230:44125] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aGDCg33T5w8Ph4-X-hFFjgAAAAQ"]
[Sun Jun 29 06:35:15.069443 2025] [:error] [pid 2967920] [client 213.232.87.230:3493] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGDCg61XEc-sC3fb0P3MKgAAAAI"]
[Sun Jun 29 06:35:15.069615 2025] [:error] [pid 2967920] [client 213.232.87.230:3493] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGDCg61XEc-sC3fb0P3MKgAAAAI"]
[Sun Jun 29 06:35:15.069755 2025] [:error] [pid 2967920] [client 213.232.87.230:3493] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGDCg61XEc-sC3fb0P3MKgAAAAI"]
[Sun Jun 29 06:35:15.072291 2025] [:error] [pid 2967918] [client 213.232.87.230:18073] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aGDCgzOxdet7QOoqVXWV0wAAAAA"]
[Sun Jun 29 06:35:15.072552 2025] [:error] [pid 2967918] [client 213.232.87.230:18073] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aGDCgzOxdet7QOoqVXWV0wAAAAA"]
[Sun Jun 29 06:35:15.072704 2025] [:error] [pid 2967918] [client 213.232.87.230:18073] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aGDCgzOxdet7QOoqVXWV0wAAAAA"]
[Sun Jun 29 06:35:15.516488 2025] [:error] [pid 2967918] [client 213.232.87.230:33515] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGDCgzOxdet7QOoqVXWV1AAAAAA"]
[Sun Jun 29 06:35:15.516799 2025] [:error] [pid 2967918] [client 213.232.87.230:33515] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGDCgzOxdet7QOoqVXWV1AAAAAA"]
[Sun Jun 29 06:35:15.516972 2025] [:error] [pid 2967918] [client 213.232.87.230:33515] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGDCgzOxdet7QOoqVXWV1AAAAAA"]
[Sun Jun 29 06:35:15.517801 2025] [:error] [pid 2968165] [client 213.232.87.230:4263] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGDCg-U-dj-hWt1UAd7gOwAAAAU"]
[Sun Jun 29 06:35:15.517952 2025] [:error] [pid 2968165] [client 213.232.87.230:4263] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGDCg-U-dj-hWt1UAd7gOwAAAAU"]
[Sun Jun 29 06:35:15.518089 2025] [:error] [pid 2968165] [client 213.232.87.230:4263] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGDCg-U-dj-hWt1UAd7gOwAAAAU"]
[Sun Jun 29 06:35:16.118235 2025] [:error] [pid 2967922] [client 213.232.87.230:23411] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGDChH3T5w8Ph4-X-hFFkAAAAAQ"]
[Sun Jun 29 06:35:16.121818 2025] [:error] [pid 2967922] [client 213.232.87.230:23411] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGDChH3T5w8Ph4-X-hFFkAAAAAQ"]
[Sun Jun 29 06:35:16.121966 2025] [:error] [pid 2967922] [client 213.232.87.230:23411] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGDChH3T5w8Ph4-X-hFFkAAAAAQ"]
[Sun Jun 29 06:35:16.126265 2025] [:error] [pid 3059540] [client 213.232.87.230:21297] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aGDChHN4YZunzJSJCzJ52AAAAAY"]
[Sun Jun 29 06:35:16.126411 2025] [:error] [pid 3059540] [client 213.232.87.230:21297] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aGDChHN4YZunzJSJCzJ52AAAAAY"]
[Sun Jun 29 06:35:16.126603 2025] [:error] [pid 3059540] [client 213.232.87.230:21297] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aGDChHN4YZunzJSJCzJ52AAAAAY"]
[Sun Jun 29 06:35:16.126748 2025] [:error] [pid 3059540] [client 213.232.87.230:21297] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aGDChHN4YZunzJSJCzJ52AAAAAY"]
[Sun Jun 29 06:35:16.472395 2025] [:error] [pid 2967919] [client 213.232.87.230:11231] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aGDChHtTxOj9v32ojom5ngAAAAE"]
[Sun Jun 29 06:35:16.472646 2025] [:error] [pid 2967918] [client 213.232.87.230:43245] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGDChDOxdet7QOoqVXWV1gAAAAA"]
[Sun Jun 29 06:35:16.472705 2025] [:error] [pid 2967919] [client 213.232.87.230:11231] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aGDChHtTxOj9v32ojom5ngAAAAE"]
[Sun Jun 29 06:35:16.472890 2025] [:error] [pid 2967919] [client 213.232.87.230:11231] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aGDChHtTxOj9v32ojom5ngAAAAE"]
[Sun Jun 29 06:35:16.472914 2025] [:error] [pid 2967918] [client 213.232.87.230:43245] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGDChDOxdet7QOoqVXWV1gAAAAA"]
[Sun Jun 29 06:35:16.473122 2025] [:error] [pid 2967918] [client 213.232.87.230:43245] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGDChDOxdet7QOoqVXWV1gAAAAA"]
[Sun Jun 29 06:35:16.482443 2025] [authz_core:error] [pid 2967921] [client 213.232.87.230:46289] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sun Jun 29 06:35:16.525130 2025] [:error] [pid 3059540] [client 213.232.87.230:12965] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aGDChHN4YZunzJSJCzJ52QAAAAY"]
[Sun Jun 29 06:35:16.525433 2025] [:error] [pid 3059540] [client 213.232.87.230:12965] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aGDChHN4YZunzJSJCzJ52QAAAAY"]
[Sun Jun 29 06:35:16.525614 2025] [:error] [pid 3059540] [client 213.232.87.230:12965] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aGDChHN4YZunzJSJCzJ52QAAAAY"]
[Sun Jun 29 06:35:16.712631 2025] [:error] [pid 2967918] [client 213.232.87.230:52255] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGDChDOxdet7QOoqVXWV1wAAAAA"]
[Sun Jun 29 06:35:16.712952 2025] [:error] [pid 2967918] [client 213.232.87.230:52255] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGDChDOxdet7QOoqVXWV1wAAAAA"]
[Sun Jun 29 06:35:16.713124 2025] [:error] [pid 2967918] [client 213.232.87.230:52255] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGDChDOxdet7QOoqVXWV1wAAAAA"]
[Sun Jun 29 06:35:16.755044 2025] [:error] [pid 2967922] [client 213.232.87.230:46921] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aGDChH3T5w8Ph4-X-hFFkgAAAAQ"]
[Sun Jun 29 06:35:16.755194 2025] [:error] [pid 2967922] [client 213.232.87.230:46921] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aGDChH3T5w8Ph4-X-hFFkgAAAAQ"]
[Sun Jun 29 06:35:16.755390 2025] [:error] [pid 2967922] [client 213.232.87.230:46921] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aGDChH3T5w8Ph4-X-hFFkgAAAAQ"]
[Sun Jun 29 06:35:16.755559 2025] [:error] [pid 2967922] [client 213.232.87.230:46921] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aGDChH3T5w8Ph4-X-hFFkgAAAAQ"]
[Sun Jun 29 12:15:18.425870 2025] [:error] [pid 2967922] [client 198.55.98.210:56810] [client 198.55.98.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGESNn3T5w8Ph4-X-hFFuAAAAAQ"]
[Sun Jun 29 12:15:18.426128 2025] [:error] [pid 2967922] [client 198.55.98.210:56810] [client 198.55.98.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGESNn3T5w8Ph4-X-hFFuAAAAAQ"]
[Sun Jun 29 12:15:18.426304 2025] [:error] [pid 2967922] [client 198.55.98.210:56810] [client 198.55.98.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGESNn3T5w8Ph4-X-hFFuAAAAAQ"]
[Sun Jun 29 12:48:12.063103 2025] [:error] [pid 2968165] [client 77.90.153.170:37324] [client 77.90.153.170] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEZ7OU-dj-hWt1UAd7gVwAAAAU"]
[Sun Jun 29 12:48:12.063392 2025] [:error] [pid 2968165] [client 77.90.153.170:37324] [client 77.90.153.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEZ7OU-dj-hWt1UAd7gVwAAAAU"]
[Sun Jun 29 12:48:12.063556 2025] [:error] [pid 2968165] [client 77.90.153.170:37324] [client 77.90.153.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEZ7OU-dj-hWt1UAd7gVwAAAAU"]
[Sun Jun 29 14:30:30.848427 2025] [:error] [pid 2968165] [client 51.89.79.132:58802] [client 51.89.79.132] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEx5uU-dj-hWt1UAd7gXQAAAAU"]
[Sun Jun 29 14:30:30.848652 2025] [:error] [pid 2968165] [client 51.89.79.132:58802] [client 51.89.79.132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEx5uU-dj-hWt1UAd7gXQAAAAU"]
[Sun Jun 29 14:30:30.848840 2025] [:error] [pid 2968165] [client 51.89.79.132:58802] [client 51.89.79.132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGEx5uU-dj-hWt1UAd7gXQAAAAU"]
[Sun Jun 29 20:12:56.758806 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGGCKHN4YZunzJSJCzJ6AgAAAAY"]
[Sun Jun 29 20:12:56.759096 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGGCKHN4YZunzJSJCzJ6AgAAAAY"]
[Sun Jun 29 20:12:56.759272 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGGCKHN4YZunzJSJCzJ6AgAAAAY"]
[Sun Jun 29 20:12:56.811116 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGGCKHN4YZunzJSJCzJ6AwAAAAY"]
[Sun Jun 29 20:12:56.811354 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGGCKHN4YZunzJSJCzJ6AwAAAAY"]
[Sun Jun 29 20:12:56.811579 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGGCKHN4YZunzJSJCzJ6AwAAAAY"]
[Sun Jun 29 20:13:01.864212 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGGCLXN4YZunzJSJCzJ6FgAAAAY"]
[Sun Jun 29 20:13:01.864761 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGGCLXN4YZunzJSJCzJ6FgAAAAY"]
[Sun Jun 29 20:13:01.865010 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGGCLXN4YZunzJSJCzJ6FgAAAAY"]
[Sun Jun 29 20:13:01.886898 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGGCLXN4YZunzJSJCzJ6FwAAAAY"]
[Sun Jun 29 20:13:01.887237 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGGCLXN4YZunzJSJCzJ6FwAAAAY"]
[Sun Jun 29 20:13:01.887415 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGGCLXN4YZunzJSJCzJ6FwAAAAY"]
[Sun Jun 29 20:13:06.355598 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6GwAAAAY"]
[Sun Jun 29 20:13:06.355950 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6GwAAAAY"]
[Sun Jun 29 20:13:06.356129 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6GwAAAAY"]
[Sun Jun 29 20:13:06.378214 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6HAAAAAY"]
[Sun Jun 29 20:13:06.378607 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6HAAAAAY"]
[Sun Jun 29 20:13:06.378810 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGGCMnN4YZunzJSJCzJ6HAAAAAY"]
[Sun Jun 29 20:13:11.291836 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.cpanel/caches/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aGGCN3N4YZunzJSJCzJ6IwAAAAY"]
[Sun Jun 29 20:13:11.292086 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aGGCN3N4YZunzJSJCzJ6IwAAAAY"]
[Sun Jun 29 20:13:11.292271 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aGGCN3N4YZunzJSJCzJ6IwAAAAY"]
[Sun Jun 29 20:13:11.337297 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.bak"] [unique_id "aGGCN3N4YZunzJSJCzJ6JQAAAAY"]
[Sun Jun 29 20:13:11.337658 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.bak"] [unique_id "aGGCN3N4YZunzJSJCzJ6JQAAAAY"]
[Sun Jun 29 20:13:11.337845 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.bak"] [unique_id "aGGCN3N4YZunzJSJCzJ6JQAAAAY"]
[Sun Jun 29 20:13:11.360174 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6JgAAAAY"]
[Sun Jun 29 20:13:11.360543 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6JgAAAAY"]
[Sun Jun 29 20:13:11.360733 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.database.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6JgAAAAY"]
[Sun Jun 29 20:13:11.430113 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.db_backup.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6KQAAAAY"]
[Sun Jun 29 20:13:11.430493 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.db_backup.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6KQAAAAY"]
[Sun Jun 29 20:13:11.430684 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.db_backup.sql"] [unique_id "aGGCN3N4YZunzJSJCzJ6KQAAAAY"]
[Sun Jun 29 20:13:16.464725 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.dump.sql"] [unique_id "aGGCPHN4YZunzJSJCzJ6LwAAAAY"]
[Sun Jun 29 20:13:16.465296 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.dump.sql"] [unique_id "aGGCPHN4YZunzJSJCzJ6LwAAAAY"]
[Sun Jun 29 20:13:16.465563 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.dump.sql"] [unique_id "aGGCPHN4YZunzJSJCzJ6LwAAAAY"]
[Sun Jun 29 20:13:16.535343 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGGCPHN4YZunzJSJCzJ6MgAAAAY"]
[Sun Jun 29 20:13:16.535587 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGGCPHN4YZunzJSJCzJ6MgAAAAY"]
[Sun Jun 29 20:13:16.535782 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGGCPHN4YZunzJSJCzJ6MgAAAAY"]
[Sun Jun 29 20:13:16.558049 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aGGCPHN4YZunzJSJCzJ6MwAAAAY"]
[Sun Jun 29 20:13:16.558198 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aGGCPHN4YZunzJSJCzJ6MwAAAAY"]
[Sun Jun 29 20:13:16.558449 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aGGCPHN4YZunzJSJCzJ6MwAAAAY"]
[Sun Jun 29 20:13:16.558634 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aGGCPHN4YZunzJSJCzJ6MwAAAAY"]
[Sun Jun 29 20:13:16.585742 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGGCPHN4YZunzJSJCzJ6NAAAAAY"]
[Sun Jun 29 20:13:16.585900 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGGCPHN4YZunzJSJCzJ6NAAAAAY"]
[Sun Jun 29 20:13:16.586119 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGGCPHN4YZunzJSJCzJ6NAAAAAY"]
[Sun Jun 29 20:13:16.586294 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGGCPHN4YZunzJSJCzJ6NAAAAAY"]
[Sun Jun 29 20:13:16.659524 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGGCPHN4YZunzJSJCzJ6NQAAAAY"]
[Sun Jun 29 20:13:16.659770 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGGCPHN4YZunzJSJCzJ6NQAAAAY"]
[Sun Jun 29 20:13:16.659962 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGGCPHN4YZunzJSJCzJ6NQAAAAY"]
[Sun Jun 29 20:13:16.717251 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aGGCPHN4YZunzJSJCzJ6NgAAAAY"]
[Sun Jun 29 20:13:16.717509 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aGGCPHN4YZunzJSJCzJ6NgAAAAY"]
[Sun Jun 29 20:13:16.717702 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aGGCPHN4YZunzJSJCzJ6NgAAAAY"]
[Sun Jun 29 20:13:16.741608 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGGCPHN4YZunzJSJCzJ6NwAAAAY"]
[Sun Jun 29 20:13:16.741866 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGGCPHN4YZunzJSJCzJ6NwAAAAY"]
[Sun Jun 29 20:13:16.742044 2025] [:error] [pid 3059540] [client 185.177.72.107:15396] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGGCPHN4YZunzJSJCzJ6NwAAAAY"]
[Sun Jun 29 20:13:30.058834 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UvwAAAAs"]
[Sun Jun 29 20:13:30.059090 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UvwAAAAs"]
[Sun Jun 29 20:13:30.059252 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UvwAAAAs"]
[Sun Jun 29 20:13:30.081214 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwAAAAAs"]
[Sun Jun 29 20:13:30.081448 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwAAAAAs"]
[Sun Jun 29 20:13:30.081613 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwAAAAAs"]
[Sun Jun 29 20:13:30.103672 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwQAAAAs"]
[Sun Jun 29 20:13:30.103927 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwQAAAAs"]
[Sun Jun 29 20:13:30.104104 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwQAAAAs"]
[Sun Jun 29 20:13:30.125908 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwgAAAAs"]
[Sun Jun 29 20:13:30.126067 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwgAAAAs"]
[Sun Jun 29 20:13:30.126317 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwgAAAAs"]
[Sun Jun 29 20:13:30.126537 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwgAAAAs"]
[Sun Jun 29 20:13:30.148589 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwwAAAAs"]
[Sun Jun 29 20:13:30.148845 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwwAAAAs"]
[Sun Jun 29 20:13:30.149033 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGGCSt8ZUWE-JFfvKe2UwwAAAAs"]
[Sun Jun 29 20:13:30.171075 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxAAAAAs"]
[Sun Jun 29 20:13:30.171361 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxAAAAAs"]
[Sun Jun 29 20:13:30.171564 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxAAAAAs"]
[Sun Jun 29 20:13:30.193517 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxQAAAAs"]
[Sun Jun 29 20:13:30.193770 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxQAAAAs"]
[Sun Jun 29 20:13:30.193947 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxQAAAAs"]
[Sun Jun 29 20:13:30.241832 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxgAAAAs"]
[Sun Jun 29 20:13:30.242073 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxgAAAAs"]
[Sun Jun 29 20:13:30.242272 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxgAAAAs"]
[Sun Jun 29 20:13:30.280206 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxwAAAAs"]
[Sun Jun 29 20:13:30.280446 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxwAAAAs"]
[Sun Jun 29 20:13:30.280629 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aGGCSt8ZUWE-JFfvKe2UxwAAAAs"]
[Sun Jun 29 20:13:30.303260 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sendgrid"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyAAAAAs"]
[Sun Jun 29 20:13:30.303498 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyAAAAAs"]
[Sun Jun 29 20:13:30.303675 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyAAAAAs"]
[Sun Jun 29 20:13:30.360917 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyQAAAAs"]
[Sun Jun 29 20:13:30.361159 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyQAAAAs"]
[Sun Jun 29 20:13:30.361348 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aGGCSt8ZUWE-JFfvKe2UyQAAAAs"]
[Sun Jun 29 20:13:30.383247 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGGCSt8ZUWE-JFfvKe2UygAAAAs"]
[Sun Jun 29 20:13:30.383476 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGGCSt8ZUWE-JFfvKe2UygAAAAs"]
[Sun Jun 29 20:13:30.383649 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGGCSt8ZUWE-JFfvKe2UygAAAAs"]
[Sun Jun 29 20:13:35.367002 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aGGCT98ZUWE-JFfvKe2UywAAAAs"]
[Sun Jun 29 20:13:35.367416 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aGGCT98ZUWE-JFfvKe2UywAAAAs"]
[Sun Jun 29 20:13:35.367743 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aGGCT98ZUWE-JFfvKe2UywAAAAs"]
[Sun Jun 29 20:13:35.389784 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aGGCT98ZUWE-JFfvKe2UzAAAAAs"]
[Sun Jun 29 20:13:35.390119 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aGGCT98ZUWE-JFfvKe2UzAAAAAs"]
[Sun Jun 29 20:13:35.390315 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aGGCT98ZUWE-JFfvKe2UzAAAAAs"]
[Sun Jun 29 20:13:35.412347 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aGGCT98ZUWE-JFfvKe2UzQAAAAs"]
[Sun Jun 29 20:13:35.412591 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aGGCT98ZUWE-JFfvKe2UzQAAAAs"]
[Sun Jun 29 20:13:35.412781 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aGGCT98ZUWE-JFfvKe2UzQAAAAs"]
[Sun Jun 29 20:13:35.434875 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aGGCT98ZUWE-JFfvKe2UzgAAAAs"]
[Sun Jun 29 20:13:35.435110 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aGGCT98ZUWE-JFfvKe2UzgAAAAs"]
[Sun Jun 29 20:13:35.435287 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aGGCT98ZUWE-JFfvKe2UzgAAAAs"]
[Sun Jun 29 20:13:35.480529 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aGGCT98ZUWE-JFfvKe2U0AAAAAs"]
[Sun Jun 29 20:13:35.480786 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aGGCT98ZUWE-JFfvKe2U0AAAAAs"]
[Sun Jun 29 20:13:35.480972 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aGGCT98ZUWE-JFfvKe2U0AAAAAs"]
[Sun Jun 29 20:13:35.508294 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aGGCT98ZUWE-JFfvKe2U0QAAAAs"]
[Sun Jun 29 20:13:35.508529 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aGGCT98ZUWE-JFfvKe2U0QAAAAs"]
[Sun Jun 29 20:13:35.508712 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aGGCT98ZUWE-JFfvKe2U0QAAAAs"]
[Sun Jun 29 20:13:35.530847 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aGGCT98ZUWE-JFfvKe2U0gAAAAs"]
[Sun Jun 29 20:13:35.531080 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aGGCT98ZUWE-JFfvKe2U0gAAAAs"]
[Sun Jun 29 20:13:35.531264 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aGGCT98ZUWE-JFfvKe2U0gAAAAs"]
[Sun Jun 29 20:13:35.553552 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U0wAAAAs"]
[Sun Jun 29 20:13:35.553796 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U0wAAAAs"]
[Sun Jun 29 20:13:35.553992 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U0wAAAAs"]
[Sun Jun 29 20:13:35.575987 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1AAAAAs"]
[Sun Jun 29 20:13:35.576223 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1AAAAAs"]
[Sun Jun 29 20:13:35.576413 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1AAAAAs"]
[Sun Jun 29 20:13:35.598955 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1QAAAAs"]
[Sun Jun 29 20:13:35.599198 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1QAAAAs"]
[Sun Jun 29 20:13:35.599389 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U1QAAAAs"]
[Sun Jun 29 20:13:35.621274 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aGGCT98ZUWE-JFfvKe2U1gAAAAs"]
[Sun Jun 29 20:13:35.621521 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aGGCT98ZUWE-JFfvKe2U1gAAAAs"]
[Sun Jun 29 20:13:35.621746 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aGGCT98ZUWE-JFfvKe2U1gAAAAs"]
[Sun Jun 29 20:13:35.643639 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGCT98ZUWE-JFfvKe2U1wAAAAs"]
[Sun Jun 29 20:13:35.643886 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGCT98ZUWE-JFfvKe2U1wAAAAs"]
[Sun Jun 29 20:13:35.644071 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGCT98ZUWE-JFfvKe2U1wAAAAs"]
[Sun Jun 29 20:13:35.665913 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aGGCT98ZUWE-JFfvKe2U2AAAAAs"]
[Sun Jun 29 20:13:35.666070 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aGGCT98ZUWE-JFfvKe2U2AAAAAs"]
[Sun Jun 29 20:13:35.666308 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aGGCT98ZUWE-JFfvKe2U2AAAAAs"]
[Sun Jun 29 20:13:35.666516 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aGGCT98ZUWE-JFfvKe2U2AAAAAs"]
[Sun Jun 29 20:13:35.688424 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aGGCT98ZUWE-JFfvKe2U2QAAAAs"]
[Sun Jun 29 20:13:35.688580 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aGGCT98ZUWE-JFfvKe2U2QAAAAs"]
[Sun Jun 29 20:13:35.688798 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aGGCT98ZUWE-JFfvKe2U2QAAAAs"]
[Sun Jun 29 20:13:35.688973 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aGGCT98ZUWE-JFfvKe2U2QAAAAs"]
[Sun Jun 29 20:13:35.710993 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aGGCT98ZUWE-JFfvKe2U2gAAAAs"]
[Sun Jun 29 20:13:35.711232 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aGGCT98ZUWE-JFfvKe2U2gAAAAs"]
[Sun Jun 29 20:13:35.711415 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aGGCT98ZUWE-JFfvKe2U2gAAAAs"]
[Sun Jun 29 20:13:35.733325 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U2wAAAAs"]
[Sun Jun 29 20:13:35.733475 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/db.sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U2wAAAAs"]
[Sun Jun 29 20:13:35.733714 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U2wAAAAs"]
[Sun Jun 29 20:13:35.733927 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U2wAAAAs"]
[Sun Jun 29 20:13:35.755875 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aGGCT98ZUWE-JFfvKe2U3AAAAAs"]
[Sun Jun 29 20:13:35.756121 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aGGCT98ZUWE-JFfvKe2U3AAAAAs"]
[Sun Jun 29 20:13:35.756305 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aGGCT98ZUWE-JFfvKe2U3AAAAAs"]
[Sun Jun 29 20:13:35.778200 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U3QAAAAs"]
[Sun Jun 29 20:13:35.778402 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/dump.sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U3QAAAAs"]
[Sun Jun 29 20:13:35.778645 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U3QAAAAs"]
[Sun Jun 29 20:13:35.778826 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aGGCT98ZUWE-JFfvKe2U3QAAAAs"]
[Sun Jun 29 20:13:35.801125 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/execute.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aGGCT98ZUWE-JFfvKe2U3gAAAAs"]
[Sun Jun 29 20:13:35.801397 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aGGCT98ZUWE-JFfvKe2U3gAAAAs"]
[Sun Jun 29 20:13:35.801588 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aGGCT98ZUWE-JFfvKe2U3gAAAAs"]
[Sun Jun 29 20:13:35.832545 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U3wAAAAs"]
[Sun Jun 29 20:13:35.832811 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U3wAAAAs"]
[Sun Jun 29 20:13:35.833024 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U3wAAAAs"]
[Sun Jun 29 20:13:35.865531 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U4AAAAAs"]
[Sun Jun 29 20:13:35.865783 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U4AAAAAs"]
[Sun Jun 29 20:13:35.865991 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aGGCT98ZUWE-JFfvKe2U4AAAAAs"]
[Sun Jun 29 20:13:35.913054 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-push"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aGGCT98ZUWE-JFfvKe2U4QAAAAs"]
[Sun Jun 29 20:13:35.913349 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aGGCT98ZUWE-JFfvKe2U4QAAAAs"]
[Sun Jun 29 20:13:35.913555 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aGGCT98ZUWE-JFfvKe2U4QAAAAs"]
[Sun Jun 29 20:13:35.936114 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aGGCT98ZUWE-JFfvKe2U4gAAAAs"]
[Sun Jun 29 20:13:35.936386 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aGGCT98ZUWE-JFfvKe2U4gAAAAs"]
[Sun Jun 29 20:13:35.936574 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aGGCT98ZUWE-JFfvKe2U4gAAAAs"]
[Sun Jun 29 20:13:35.971568 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aGGCT98ZUWE-JFfvKe2U4wAAAAs"]
[Sun Jun 29 20:13:35.971821 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aGGCT98ZUWE-JFfvKe2U4wAAAAs"]
[Sun Jun 29 20:13:35.972009 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aGGCT98ZUWE-JFfvKe2U4wAAAAs"]
[Sun Jun 29 20:13:35.993900 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U5AAAAAs"]
[Sun Jun 29 20:13:35.994152 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U5AAAAAs"]
[Sun Jun 29 20:13:35.994353 2025] [:error] [pid 3205369] [client 185.177.72.107:22298] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aGGCT98ZUWE-JFfvKe2U5AAAAAs"]
[Sun Jun 29 20:13:44.644767 2025] [:error] [pid 3059541] [client 185.177.72.107:22382] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aGGCWKAIGT5SiqI9BxP-YgAAAAc"]
[Sun Jun 29 20:13:44.645027 2025] [:error] [pid 3059541] [client 185.177.72.107:22382] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aGGCWKAIGT5SiqI9BxP-YgAAAAc"]
[Sun Jun 29 20:13:44.645224 2025] [:error] [pid 3059541] [client 185.177.72.107:22382] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aGGCWKAIGT5SiqI9BxP-YgAAAAc"]
[Sun Jun 29 20:13:58.705222 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0gAAAAQ"]
[Sun Jun 29 20:13:58.705479 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0gAAAAQ"]
[Sun Jun 29 20:13:58.705671 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0gAAAAQ"]
[Sun Jun 29 20:13:58.810900 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0wAAAAQ"]
[Sun Jun 29 20:13:58.811157 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0wAAAAQ"]
[Sun Jun 29 20:13:58.811349 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF0wAAAAQ"]
[Sun Jun 29 20:13:58.831722 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1AAAAAQ"]
[Sun Jun 29 20:13:58.831968 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1AAAAAQ"]
[Sun Jun 29 20:13:58.832157 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1AAAAAQ"]
[Sun Jun 29 20:13:58.852314 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1QAAAAQ"]
[Sun Jun 29 20:13:58.852563 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1QAAAAQ"]
[Sun Jun 29 20:13:58.852767 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1QAAAAQ"]
[Sun Jun 29 20:13:58.873111 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1gAAAAQ"]
[Sun Jun 29 20:13:58.873355 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1gAAAAQ"]
[Sun Jun 29 20:13:58.873549 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1gAAAAQ"]
[Sun Jun 29 20:13:58.893713 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1wAAAAQ"]
[Sun Jun 29 20:13:58.893955 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1wAAAAQ"]
[Sun Jun 29 20:13:58.894154 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aGGCZn3T5w8Ph4-X-hFF1wAAAAQ"]
[Sun Jun 29 20:13:58.924077 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF2AAAAAQ"]
[Sun Jun 29 20:13:58.924317 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF2AAAAAQ"]
[Sun Jun 29 20:13:58.924515 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aGGCZn3T5w8Ph4-X-hFF2AAAAAQ"]
[Sun Jun 29 20:13:59.037460 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2QAAAAQ"]
[Sun Jun 29 20:13:59.037707 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2QAAAAQ"]
[Sun Jun 29 20:13:59.037938 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2QAAAAQ"]
[Sun Jun 29 20:13:59.103174 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/stash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2gAAAAQ"]
[Sun Jun 29 20:13:59.103418 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2gAAAAQ"]
[Sun Jun 29 20:13:59.103619 2025] [:error] [pid 2967922] [client 185.177.72.107:47886] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aGGCZ33T5w8Ph4-X-hFF2gAAAAQ"]
[Sun Jun 29 20:14:08.250604 2025] [:error] [pid 2967921] [client 185.177.72.107:14128] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/shell.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aGGCcA5w_kdDrMZHVfsRHAAAAAM"]
[Sun Jun 29 20:14:08.250880 2025] [:error] [pid 2967921] [client 185.177.72.107:14128] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aGGCcA5w_kdDrMZHVfsRHAAAAAM"]
[Sun Jun 29 20:14:08.251069 2025] [:error] [pid 2967921] [client 185.177.72.107:14128] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aGGCcA5w_kdDrMZHVfsRHAAAAAM"]
[Sun Jun 29 20:14:22.769824 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGGCfq1XEc-sC3fb0P3MVAAAAAI"]
[Sun Jun 29 20:14:22.770069 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGGCfq1XEc-sC3fb0P3MVAAAAAI"]
[Sun Jun 29 20:14:22.770269 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGGCfq1XEc-sC3fb0P3MVAAAAAI"]
[Sun Jun 29 20:14:23.051061 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.hg/ found within REQUEST_FILENAME: /.hg/hgrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aGGCf61XEc-sC3fb0P3MVwAAAAI"]
[Sun Jun 29 20:14:23.051297 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aGGCf61XEc-sC3fb0P3MVwAAAAI"]
[Sun Jun 29 20:14:23.051508 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aGGCf61XEc-sC3fb0P3MVwAAAAI"]
[Sun Jun 29 20:14:23.301994 2025] [authz_core:error] [pid 2967920] [client 185.177.72.107:19910] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Sun Jun 29 20:14:23.388715 2025] [authz_core:error] [pid 2967920] [client 185.177.72.107:19910] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htpasswd
[Sun Jun 29 20:14:23.434915 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".mysql_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .mysql_history found within REQUEST_FILENAME: /.mysql_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aGGCf61XEc-sC3fb0P3MXAAAAAI"]
[Sun Jun 29 20:14:23.435145 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aGGCf61XEc-sC3fb0P3MXAAAAAI"]
[Sun Jun 29 20:14:23.435328 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.mysql_history"] [unique_id "aGGCf61XEc-sC3fb0P3MXAAAAAI"]
[Sun Jun 29 20:14:23.457770 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".netrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .netrc found within REQUEST_FILENAME: /.netrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aGGCf61XEc-sC3fb0P3MXQAAAAI"]
[Sun Jun 29 20:14:23.458012 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aGGCf61XEc-sC3fb0P3MXQAAAAI"]
[Sun Jun 29 20:14:23.458202 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aGGCf61XEc-sC3fb0P3MXQAAAAI"]
[Sun Jun 29 20:14:23.627304 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.bak"] [unique_id "aGGCf61XEc-sC3fb0P3MZAAAAAI"]
[Sun Jun 29 20:14:23.627662 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.bak"] [unique_id "aGGCf61XEc-sC3fb0P3MZAAAAAI"]
[Sun Jun 29 20:14:23.627859 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.bak"] [unique_id "aGGCf61XEc-sC3fb0P3MZAAAAAI"]
[Sun Jun 29 20:14:23.659409 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.old"] [unique_id "aGGCf61XEc-sC3fb0P3MZQAAAAI"]
[Sun Jun 29 20:14:23.659757 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.old"] [unique_id "aGGCf61XEc-sC3fb0P3MZQAAAAI"]
[Sun Jun 29 20:14:23.659960 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.s3cfg.old"] [unique_id "aGGCf61XEc-sC3fb0P3MZQAAAAI"]
[Sun Jun 29 20:14:28.597331 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aGGChK1XEc-sC3fb0P3MagAAAAI"]
[Sun Jun 29 20:14:28.597622 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aGGChK1XEc-sC3fb0P3MagAAAAI"]
[Sun Jun 29 20:14:28.597837 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aGGChK1XEc-sC3fb0P3MagAAAAI"]
[Sun Jun 29 20:14:28.621253 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aGGChK1XEc-sC3fb0P3MawAAAAI"]
[Sun Jun 29 20:14:28.621495 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aGGChK1XEc-sC3fb0P3MawAAAAI"]
[Sun Jun 29 20:14:28.621704 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aGGChK1XEc-sC3fb0P3MawAAAAI"]
[Sun Jun 29 20:14:28.644101 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aGGChK1XEc-sC3fb0P3MbAAAAAI"]
[Sun Jun 29 20:14:28.644366 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aGGChK1XEc-sC3fb0P3MbAAAAAI"]
[Sun Jun 29 20:14:28.644557 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aGGChK1XEc-sC3fb0P3MbAAAAAI"]
[Sun Jun 29 20:14:33.483917 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".zsh_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .zsh_history found within REQUEST_FILENAME: /.zsh_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aGGCia1XEc-sC3fb0P3McgAAAAI"]
[Sun Jun 29 20:14:33.484158 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aGGCia1XEc-sC3fb0P3McgAAAAI"]
[Sun Jun 29 20:14:33.484372 2025] [:error] [pid 2967920] [client 185.177.72.107:19910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aGGCia1XEc-sC3fb0P3McgAAAAI"]
[Sun Jun 29 20:14:55.494558 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aGGCn_U4kcQDYAJF_ch6_QAAAAo"]
[Sun Jun 29 20:14:55.494910 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aGGCn_U4kcQDYAJF_ch6_QAAAAo"]
[Sun Jun 29 20:14:55.495090 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aGGCn_U4kcQDYAJF_ch6_QAAAAo"]
[Sun Jun 29 20:14:55.593293 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGGCn_U4kcQDYAJF_ch7AQAAAAo"]
[Sun Jun 29 20:14:55.593533 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGGCn_U4kcQDYAJF_ch7AQAAAAo"]
[Sun Jun 29 20:14:55.593712 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGGCn_U4kcQDYAJF_ch7AQAAAAo"]
[Sun Jun 29 20:14:55.648733 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aGGCn_U4kcQDYAJF_ch7AgAAAAo"]
[Sun Jun 29 20:14:55.648892 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aGGCn_U4kcQDYAJF_ch7AgAAAAo"]
[Sun Jun 29 20:14:55.649120 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aGGCn_U4kcQDYAJF_ch7AgAAAAo"]
[Sun Jun 29 20:14:55.649305 2025] [:error] [pid 3205368] [client 185.177.72.107:35796] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aGGCn_U4kcQDYAJF_ch7AgAAAAo"]
[Sun Jun 29 20:15:04.909326 2025] [:error] [pid 2968165] [client 185.177.72.107:36646] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aGGCqOU-dj-hWt1UAd7gbAAAAAU"]
[Sun Jun 29 20:15:04.909511 2025] [:error] [pid 2968165] [client 185.177.72.107:36646] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aGGCqOU-dj-hWt1UAd7gbAAAAAU"]
[Sun Jun 29 20:15:04.909762 2025] [:error] [pid 2968165] [client 185.177.72.107:36646] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aGGCqOU-dj-hWt1UAd7gbAAAAAU"]
[Sun Jun 29 20:15:04.910026 2025] [:error] [pid 2968165] [client 185.177.72.107:36646] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aGGCqOU-dj-hWt1UAd7gbAAAAAU"]
[Sun Jun 29 20:15:15.879505 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env~"] [unique_id "aGGCs3tTxOj9v32ojom5xQAAAAE"]
[Sun Jun 29 20:15:15.880658 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env~"] [unique_id "aGGCs3tTxOj9v32ojom5xQAAAAE"]
[Sun Jun 29 20:15:15.880869 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env~"] [unique_id "aGGCs3tTxOj9v32ojom5xQAAAAE"]
[Sun Jun 29 20:15:16.033531 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/"] [unique_id "aGGCtHtTxOj9v32ojom5xgAAAAE"]
[Sun Jun 29 20:15:16.033768 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/"] [unique_id "aGGCtHtTxOj9v32ojom5xgAAAAE"]
[Sun Jun 29 20:15:16.033953 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/"] [unique_id "aGGCtHtTxOj9v32ojom5xgAAAAE"]
[Sun Jun 29 20:15:16.057281 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5xwAAAAE"]
[Sun Jun 29 20:15:16.057523 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5xwAAAAE"]
[Sun Jun 29 20:15:16.057710 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5xwAAAAE"]
[Sun Jun 29 20:15:16.079870 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "aGGCtHtTxOj9v32ojom5yAAAAAE"]
[Sun Jun 29 20:15:16.080123 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "aGGCtHtTxOj9v32ojom5yAAAAAE"]
[Sun Jun 29 20:15:16.080308 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/config"] [unique_id "aGGCtHtTxOj9v32ojom5yAAAAAE"]
[Sun Jun 29 20:15:16.102322 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /admin/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/logs/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5yQAAAAE"]
[Sun Jun 29 20:15:16.102591 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/logs/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5yQAAAAE"]
[Sun Jun 29 20:15:16.102770 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.git/logs/HEAD"] [unique_id "aGGCtHtTxOj9v32ojom5yQAAAAE"]
[Sun Jun 29 20:15:16.124883 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /admin/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.gitignore"] [unique_id "aGGCtHtTxOj9v32ojom5ygAAAAE"]
[Sun Jun 29 20:15:16.125122 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.gitignore"] [unique_id "aGGCtHtTxOj9v32ojom5ygAAAAE"]
[Sun Jun 29 20:15:16.125306 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.gitignore"] [unique_id "aGGCtHtTxOj9v32ojom5ygAAAAE"]
[Sun Jun 29 20:15:16.147180 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/access.log"] [unique_id "aGGCtHtTxOj9v32ojom5ywAAAAE"]
[Sun Jun 29 20:15:16.147512 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/access.log"] [unique_id "aGGCtHtTxOj9v32ojom5ywAAAAE"]
[Sun Jun 29 20:15:16.147716 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/access.log"] [unique_id "aGGCtHtTxOj9v32ojom5ywAAAAE"]
[Sun Jun 29 20:15:16.215791 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/app.js.bak"] [unique_id "aGGCtHtTxOj9v32ojom5zgAAAAE"]
[Sun Jun 29 20:15:16.216157 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/app.js.bak"] [unique_id "aGGCtHtTxOj9v32ojom5zgAAAAE"]
[Sun Jun 29 20:15:16.216363 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/app.js.bak"] [unique_id "aGGCtHtTxOj9v32ojom5zgAAAAE"]
[Sun Jun 29 20:15:16.238300 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/backup.sql"] [unique_id "aGGCtHtTxOj9v32ojom5zwAAAAE"]
[Sun Jun 29 20:15:16.238670 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/backup.sql"] [unique_id "aGGCtHtTxOj9v32ojom5zwAAAAE"]
[Sun Jun 29 20:15:16.238865 2025] [:error] [pid 2967919] [client 185.177.72.107:22910] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/backup.sql"] [unique_id "aGGCtHtTxOj9v32ojom5zwAAAAE"]
[Sun Jun 29 20:15:26.765538 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/config.php.bak"] [unique_id "aGGCvnN4YZunzJSJCzJ6OAAAAAY"]
[Sun Jun 29 20:15:26.765948 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/config.php.bak"] [unique_id "aGGCvnN4YZunzJSJCzJ6OAAAAAY"]
[Sun Jun 29 20:15:26.766124 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/config.php.bak"] [unique_id "aGGCvnN4YZunzJSJCzJ6OAAAAAY"]
[Sun Jun 29 20:15:26.948180 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aGGCvnN4YZunzJSJCzJ6PgAAAAY"]
[Sun Jun 29 20:15:26.948537 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aGGCvnN4YZunzJSJCzJ6PgAAAAY"]
[Sun Jun 29 20:15:26.948736 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aGGCvnN4YZunzJSJCzJ6PgAAAAY"]
[Sun Jun 29 20:15:27.072201 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug.log"] [unique_id "aGGCv3N4YZunzJSJCzJ6QgAAAAY"]
[Sun Jun 29 20:15:27.072551 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug.log"] [unique_id "aGGCv3N4YZunzJSJCzJ6QgAAAAY"]
[Sun Jun 29 20:15:27.072730 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug.log"] [unique_id "aGGCv3N4YZunzJSJCzJ6QgAAAAY"]
[Sun Jun 29 20:15:27.136292 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aGGCv3N4YZunzJSJCzJ6RAAAAAY"]
[Sun Jun 29 20:15:27.136702 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aGGCv3N4YZunzJSJCzJ6RAAAAAY"]
[Sun Jun 29 20:15:27.136907 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aGGCv3N4YZunzJSJCzJ6RAAAAAY"]
[Sun Jun 29 20:15:27.227842 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/dump.sql"] [unique_id "aGGCv3N4YZunzJSJCzJ6RQAAAAY"]
[Sun Jun 29 20:15:27.228178 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/dump.sql"] [unique_id "aGGCv3N4YZunzJSJCzJ6RQAAAAY"]
[Sun Jun 29 20:15:27.228366 2025] [:error] [pid 3059540] [client 185.177.72.107:57800] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/dump.sql"] [unique_id "aGGCv3N4YZunzJSJCzJ6RQAAAAY"]
[Sun Jun 29 20:15:36.900395 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/error.log"] [unique_id "aGGCyN8ZUWE-JFfvKe2U5QAAAAs"]
[Sun Jun 29 20:15:36.900770 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/error.log"] [unique_id "aGGCyN8ZUWE-JFfvKe2U5QAAAAs"]
[Sun Jun 29 20:15:36.900966 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/error.log"] [unique_id "aGGCyN8ZUWE-JFfvKe2U5QAAAAs"]
[Sun Jun 29 20:15:37.171740 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/logs/error.log"] [unique_id "aGGCyd8ZUWE-JFfvKe2U7QAAAAs"]
[Sun Jun 29 20:15:37.172066 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/logs/error.log"] [unique_id "aGGCyd8ZUWE-JFfvKe2U7QAAAAs"]
[Sun Jun 29 20:15:37.172239 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/logs/error.log"] [unique_id "aGGCyd8ZUWE-JFfvKe2U7QAAAAs"]
[Sun Jun 29 20:15:37.457756 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.conf"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-AAAAAs"]
[Sun Jun 29 20:15:37.458116 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.conf"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-AAAAAs"]
[Sun Jun 29 20:15:37.458301 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.conf"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-AAAAAs"]
[Sun Jun 29 20:15:37.480925 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.sql"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-QAAAAs"]
[Sun Jun 29 20:15:37.481288 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.sql"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-QAAAAs"]
[Sun Jun 29 20:15:37.481476 2025] [:error] [pid 3205369] [client 185.177.72.107:38128] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/site.sql"] [unique_id "aGGCyd8ZUWE-JFfvKe2U-QAAAAs"]
[Sun Jun 29 20:15:51.955314 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aGGC16AIGT5SiqI9BxP-ZAAAAAc"]
[Sun Jun 29 20:15:51.955723 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aGGC16AIGT5SiqI9BxP-ZAAAAAc"]
[Sun Jun 29 20:15:51.955915 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aGGC16AIGT5SiqI9BxP-ZAAAAAc"]
[Sun Jun 29 20:15:51.976042 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /admin/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php"] [unique_id "aGGC16AIGT5SiqI9BxP-ZQAAAAc"]
[Sun Jun 29 20:15:51.976290 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php"] [unique_id "aGGC16AIGT5SiqI9BxP-ZQAAAAc"]
[Sun Jun 29 20:15:51.976479 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php"] [unique_id "aGGC16AIGT5SiqI9BxP-ZQAAAAc"]
[Sun Jun 29 20:15:51.996646 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php.old"] [unique_id "aGGC16AIGT5SiqI9BxP-ZgAAAAc"]
[Sun Jun 29 20:15:51.996806 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /admin/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php.old"] [unique_id "aGGC16AIGT5SiqI9BxP-ZgAAAAc"]
[Sun Jun 29 20:15:51.997035 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php.old"] [unique_id "aGGC16AIGT5SiqI9BxP-ZgAAAAc"]
[Sun Jun 29 20:15:51.997221 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/wp-config.php.old"] [unique_id "aGGC16AIGT5SiqI9BxP-ZgAAAAc"]
[Sun Jun 29 20:15:52.038587 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-aAAAAAc"]
[Sun Jun 29 20:15:52.038830 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-aAAAAAc"]
[Sun Jun 29 20:15:52.039023 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-aAAAAAc"]
[Sun Jun 29 20:15:52.059126 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/apache.conf"] [unique_id "aGGC2KAIGT5SiqI9BxP-aQAAAAc"]
[Sun Jun 29 20:15:52.059472 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apache.conf"] [unique_id "aGGC2KAIGT5SiqI9BxP-aQAAAAc"]
[Sun Jun 29 20:15:52.059663 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apache.conf"] [unique_id "aGGC2KAIGT5SiqI9BxP-aQAAAAc"]
[Sun Jun 29 20:15:52.101260 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-awAAAAc"]
[Sun Jun 29 20:15:52.101490 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-awAAAAc"]
[Sun Jun 29 20:15:52.101705 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aGGC2KAIGT5SiqI9BxP-awAAAAc"]
[Sun Jun 29 20:15:52.142793 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aGGC2KAIGT5SiqI9BxP-bAAAAAc"]
[Sun Jun 29 20:15:52.142956 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aGGC2KAIGT5SiqI9BxP-bAAAAAc"]
[Sun Jun 29 20:15:52.143180 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aGGC2KAIGT5SiqI9BxP-bAAAAAc"]
[Sun Jun 29 20:15:52.143383 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aGGC2KAIGT5SiqI9BxP-bAAAAAc"]
[Sun Jun 29 20:15:52.238224 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aGGC2KAIGT5SiqI9BxP-bQAAAAc"]
[Sun Jun 29 20:15:52.238506 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aGGC2KAIGT5SiqI9BxP-bQAAAAc"]
[Sun Jun 29 20:15:52.238704 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aGGC2KAIGT5SiqI9BxP-bQAAAAc"]
[Sun Jun 29 20:15:52.262610 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aGGC2KAIGT5SiqI9BxP-bgAAAAc"]
[Sun Jun 29 20:15:52.262851 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aGGC2KAIGT5SiqI9BxP-bgAAAAc"]
[Sun Jun 29 20:15:52.263034 2025] [:error] [pid 3059541] [client 185.177.72.107:57080] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aGGC2KAIGT5SiqI9BxP-bgAAAAc"]
[Sun Jun 29 20:16:08.494551 2025] [:error] [pid 2967922] [client 185.177.72.107:24744] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aGGC6H3T5w8Ph4-X-hFF2wAAAAQ"]
[Sun Jun 29 20:16:08.494806 2025] [:error] [pid 2967922] [client 185.177.72.107:24744] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aGGC6H3T5w8Ph4-X-hFF2wAAAAQ"]
[Sun Jun 29 20:16:08.494988 2025] [:error] [pid 2967922] [client 185.177.72.107:24744] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aGGC6H3T5w8Ph4-X-hFF2wAAAAQ"]
[Sun Jun 29 20:16:24.393236 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGGC-A5w_kdDrMZHVfsRHgAAAAM"]
[Sun Jun 29 20:16:24.393477 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGGC-A5w_kdDrMZHVfsRHgAAAAM"]
[Sun Jun 29 20:16:24.393652 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGGC-A5w_kdDrMZHVfsRHgAAAAM"]
[Sun Jun 29 20:16:25.409116 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMAAAAAM"]
[Sun Jun 29 20:16:25.409384 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMAAAAAM"]
[Sun Jun 29 20:16:25.409578 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMAAAAAM"]
[Sun Jun 29 20:16:25.431730 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMQAAAAM"]
[Sun Jun 29 20:16:25.432076 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMQAAAAM"]
[Sun Jun 29 20:16:25.432271 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMQAAAAM"]
[Sun Jun 29 20:16:25.454666 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db_backup.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMgAAAAM"]
[Sun Jun 29 20:16:25.455029 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db_backup.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMgAAAAM"]
[Sun Jun 29 20:16:25.455222 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db_backup.sql"] [unique_id "aGGC-Q5w_kdDrMZHVfsRMgAAAAM"]
[Sun Jun 29 20:16:25.553565 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aGGC-Q5w_kdDrMZHVfsRNgAAAAM"]
[Sun Jun 29 20:16:25.553994 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aGGC-Q5w_kdDrMZHVfsRNgAAAAM"]
[Sun Jun 29 20:16:25.554192 2025] [:error] [pid 2967921] [client 185.177.72.107:44990] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aGGC-Q5w_kdDrMZHVfsRNgAAAAM"]
[Sun Jun 29 20:16:36.082634 2025] [:error] [pid 2967918] [client 185.177.72.107:49330] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aGGDBDOxdet7QOoqVXWWCAAAAAA"]
[Sun Jun 29 20:16:36.083061 2025] [:error] [pid 2967918] [client 185.177.72.107:49330] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aGGDBDOxdet7QOoqVXWWCAAAAAA"]
[Sun Jun 29 20:16:36.083255 2025] [:error] [pid 2967918] [client 185.177.72.107:49330] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aGGDBDOxdet7QOoqVXWWCAAAAAA"]
[Sun Jun 29 20:16:50.935252 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aGGDEq1XEc-sC3fb0P3MjAAAAAI"]
[Sun Jun 29 20:16:50.935518 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aGGDEq1XEc-sC3fb0P3MjAAAAAI"]
[Sun Jun 29 20:16:50.935709 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aGGDEq1XEc-sC3fb0P3MjAAAAAI"]
[Sun Jun 29 20:16:51.002673 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aGGDE61XEc-sC3fb0P3MjgAAAAI"]
[Sun Jun 29 20:16:51.002942 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aGGDE61XEc-sC3fb0P3MjgAAAAI"]
[Sun Jun 29 20:16:51.003142 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aGGDE61XEc-sC3fb0P3MjgAAAAI"]
[Sun Jun 29 20:16:56.169128 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aGGDGK1XEc-sC3fb0P3MngAAAAI"]
[Sun Jun 29 20:16:56.169752 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aGGDGK1XEc-sC3fb0P3MngAAAAI"]
[Sun Jun 29 20:16:56.170015 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aGGDGK1XEc-sC3fb0P3MngAAAAI"]
[Sun Jun 29 20:16:56.747409 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app.js.bak"] [unique_id "aGGDGK1XEc-sC3fb0P3MpQAAAAI"]
[Sun Jun 29 20:16:56.747732 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app.js.bak"] [unique_id "aGGDGK1XEc-sC3fb0P3MpQAAAAI"]
[Sun Jun 29 20:16:56.747912 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app.js.bak"] [unique_id "aGGDGK1XEc-sC3fb0P3MpQAAAAI"]
[Sun Jun 29 20:16:56.846785 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGGDGK1XEc-sC3fb0P3MqAAAAAI"]
[Sun Jun 29 20:16:56.847021 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGGDGK1XEc-sC3fb0P3MqAAAAAI"]
[Sun Jun 29 20:16:56.847207 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGGDGK1XEc-sC3fb0P3MqAAAAAI"]
[Sun Jun 29 20:16:56.902774 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aGGDGK1XEc-sC3fb0P3MqQAAAAI"]
[Sun Jun 29 20:16:56.903023 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aGGDGK1XEc-sC3fb0P3MqQAAAAI"]
[Sun Jun 29 20:16:56.903236 2025] [:error] [pid 2967920] [client 185.177.72.107:24254] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aGGDGK1XEc-sC3fb0P3MqQAAAAI"]
[Sun Jun 29 20:17:12.701998 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BAAAAAo"]
[Sun Jun 29 20:17:12.702249 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BAAAAAo"]
[Sun Jun 29 20:17:12.702451 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BAAAAAo"]
[Sun Jun 29 20:17:12.731574 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BQAAAAo"]
[Sun Jun 29 20:17:12.731834 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BQAAAAo"]
[Sun Jun 29 20:17:12.732016 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGGDKPU4kcQDYAJF_ch7BQAAAAo"]
[Sun Jun 29 20:17:12.881457 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:target. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:target: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aGGDKPU4kcQDYAJF_ch7CgAAAAo"]
[Sun Jun 29 20:17:12.881878 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aGGDKPU4kcQDYAJF_ch7CgAAAAo"]
[Sun Jun 29 20:17:12.882070 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aGGDKPU4kcQDYAJF_ch7CgAAAAo"]
[Sun Jun 29 20:17:12.911299 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aGGDKPU4kcQDYAJF_ch7CwAAAAo"]
[Sun Jun 29 20:17:12.911714 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aGGDKPU4kcQDYAJF_ch7CwAAAAo"]
[Sun Jun 29 20:17:12.911899 2025] [:error] [pid 3205368] [client 185.177.72.107:50340] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aGGDKPU4kcQDYAJF_ch7CwAAAAo"]
[Sun Jun 29 20:17:22.565072 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aGGDMuU-dj-hWt1UAd7gbQAAAAU"]
[Sun Jun 29 20:17:22.565327 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aGGDMuU-dj-hWt1UAd7gbQAAAAU"]
[Sun Jun 29 20:17:22.565494 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aGGDMuU-dj-hWt1UAd7gbQAAAAU"]
[Sun Jun 29 20:17:22.668075 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aGGDMuU-dj-hWt1UAd7gbgAAAAU"]
[Sun Jun 29 20:17:22.668302 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aGGDMuU-dj-hWt1UAd7gbgAAAAU"]
[Sun Jun 29 20:17:22.668490 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aGGDMuU-dj-hWt1UAd7gbgAAAAU"]
[Sun Jun 29 20:17:22.791821 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env.ses"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aGGDMuU-dj-hWt1UAd7gbwAAAAU"]
[Sun Jun 29 20:17:22.792049 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aGGDMuU-dj-hWt1UAd7gbwAAAAU"]
[Sun Jun 29 20:17:22.792230 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aGGDMuU-dj-hWt1UAd7gbwAAAAU"]
[Sun Jun 29 20:17:23.238673 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aGGDM-U-dj-hWt1UAd7gfAAAAAU"]
[Sun Jun 29 20:17:23.239005 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aGGDM-U-dj-hWt1UAd7gfAAAAAU"]
[Sun Jun 29 20:17:23.239186 2025] [:error] [pid 2968165] [client 185.177.72.107:37624] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aGGDM-U-dj-hWt1UAd7gfAAAAAU"]
[Sun Jun 29 20:17:34.311359 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/s3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aGGDPntTxOj9v32ojom55AAAAAE"]
[Sun Jun 29 20:17:34.311610 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aGGDPntTxOj9v32ojom55AAAAAE"]
[Sun Jun 29 20:17:34.311821 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aGGDPntTxOj9v32ojom55AAAAAE"]
[Sun Jun 29 20:17:34.374091 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aGGDPntTxOj9v32ojom55gAAAAE"]
[Sun Jun 29 20:17:34.374456 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aGGDPntTxOj9v32ojom55gAAAAE"]
[Sun Jun 29 20:17:34.374672 2025] [:error] [pid 2967919] [client 185.177.72.107:52614] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aGGDPntTxOj9v32ojom55gAAAAE"]
[Sun Jun 29 20:17:54.594150 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YAAAAAY"]
[Sun Jun 29 20:17:54.594426 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YAAAAAY"]
[Sun Jun 29 20:17:54.594632 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YAAAAAY"]
[Sun Jun 29 20:17:54.638388 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YgAAAAY"]
[Sun Jun 29 20:17:54.638665 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YgAAAAY"]
[Sun Jun 29 20:17:54.638872 2025] [:error] [pid 3059540] [client 185.177.72.107:29404] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGGDUnN4YZunzJSJCzJ6YgAAAAY"]
[Sun Jun 29 20:18:14.443486 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGGDZqAIGT5SiqI9BxP-bwAAAAc"]
[Sun Jun 29 20:18:14.443857 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGGDZqAIGT5SiqI9BxP-bwAAAAc"]
[Sun Jun 29 20:18:14.444037 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aGGDZqAIGT5SiqI9BxP-bwAAAAc"]
[Sun Jun 29 20:18:14.527238 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aGGDZqAIGT5SiqI9BxP-cwAAAAc"]
[Sun Jun 29 20:18:14.527476 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aGGDZqAIGT5SiqI9BxP-cwAAAAc"]
[Sun Jun 29 20:18:14.527674 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aGGDZqAIGT5SiqI9BxP-cwAAAAc"]
[Sun Jun 29 20:18:14.547637 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.bak"] [unique_id "aGGDZqAIGT5SiqI9BxP-dAAAAAc"]
[Sun Jun 29 20:18:14.547793 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.bak"] [unique_id "aGGDZqAIGT5SiqI9BxP-dAAAAAc"]
[Sun Jun 29 20:18:14.548022 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.bak"] [unique_id "aGGDZqAIGT5SiqI9BxP-dAAAAAc"]
[Sun Jun 29 20:18:14.548208 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.bak"] [unique_id "aGGDZqAIGT5SiqI9BxP-dAAAAAc"]
[Sun Jun 29 20:18:14.568360 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aGGDZqAIGT5SiqI9BxP-dQAAAAc"]
[Sun Jun 29 20:18:14.568632 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aGGDZqAIGT5SiqI9BxP-dQAAAAc"]
[Sun Jun 29 20:18:14.568823 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.local"] [unique_id "aGGDZqAIGT5SiqI9BxP-dQAAAAc"]
[Sun Jun 29 20:18:14.588829 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.old"] [unique_id "aGGDZqAIGT5SiqI9BxP-dgAAAAc"]
[Sun Jun 29 20:18:14.589038 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.old"] [unique_id "aGGDZqAIGT5SiqI9BxP-dgAAAAc"]
[Sun Jun 29 20:18:14.589289 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.old"] [unique_id "aGGDZqAIGT5SiqI9BxP-dgAAAAc"]
[Sun Jun 29 20:18:14.589497 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.old"] [unique_id "aGGDZqAIGT5SiqI9BxP-dgAAAAc"]
[Sun Jun 29 20:18:14.609482 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.save"] [unique_id "aGGDZqAIGT5SiqI9BxP-dwAAAAc"]
[Sun Jun 29 20:18:14.609724 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.save"] [unique_id "aGGDZqAIGT5SiqI9BxP-dwAAAAc"]
[Sun Jun 29 20:18:14.609891 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env.save"] [unique_id "aGGDZqAIGT5SiqI9BxP-dwAAAAc"]
[Sun Jun 29 20:18:14.630088 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env~"] [unique_id "aGGDZqAIGT5SiqI9BxP-eAAAAAc"]
[Sun Jun 29 20:18:14.630330 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env~"] [unique_id "aGGDZqAIGT5SiqI9BxP-eAAAAAc"]
[Sun Jun 29 20:18:14.630545 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env~"] [unique_id "aGGDZqAIGT5SiqI9BxP-eAAAAAc"]
[Sun Jun 29 20:18:14.651397 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/"] [unique_id "aGGDZqAIGT5SiqI9BxP-eQAAAAc"]
[Sun Jun 29 20:18:14.651644 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/"] [unique_id "aGGDZqAIGT5SiqI9BxP-eQAAAAc"]
[Sun Jun 29 20:18:14.651830 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/"] [unique_id "aGGDZqAIGT5SiqI9BxP-eQAAAAc"]
[Sun Jun 29 20:18:14.674581 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-egAAAAc"]
[Sun Jun 29 20:18:14.674824 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-egAAAAc"]
[Sun Jun 29 20:18:14.674990 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-egAAAAc"]
[Sun Jun 29 20:18:14.695616 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "aGGDZqAIGT5SiqI9BxP-ewAAAAc"]
[Sun Jun 29 20:18:14.696092 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "aGGDZqAIGT5SiqI9BxP-ewAAAAc"]
[Sun Jun 29 20:18:14.696274 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/config"] [unique_id "aGGDZqAIGT5SiqI9BxP-ewAAAAc"]
[Sun Jun 29 20:18:14.731390 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /backup/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/logs/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-fAAAAAc"]
[Sun Jun 29 20:18:14.731640 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/logs/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-fAAAAAc"]
[Sun Jun 29 20:18:14.731897 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.git/logs/HEAD"] [unique_id "aGGDZqAIGT5SiqI9BxP-fAAAAAc"]
[Sun Jun 29 20:18:14.753708 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /backup/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.gitignore"] [unique_id "aGGDZqAIGT5SiqI9BxP-fQAAAAc"]
[Sun Jun 29 20:18:14.753938 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.gitignore"] [unique_id "aGGDZqAIGT5SiqI9BxP-fQAAAAc"]
[Sun Jun 29 20:18:14.754112 2025] [:error] [pid 3059541] [client 185.177.72.107:29174] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.gitignore"] [unique_id "aGGDZqAIGT5SiqI9BxP-fQAAAAc"]
[Sun Jun 29 20:18:28.822218 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/app.js.bak"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6QAAAAQ"]
[Sun Jun 29 20:18:28.822623 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/app.js.bak"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6QAAAAQ"]
[Sun Jun 29 20:18:28.822809 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/app.js.bak"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6QAAAAQ"]
[Sun Jun 29 20:18:28.943785 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/backup.sql"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6gAAAAQ"]
[Sun Jun 29 20:18:28.944135 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/backup.sql"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6gAAAAQ"]
[Sun Jun 29 20:18:28.944345 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/backup.sql"] [unique_id "aGGDdH3T5w8Ph4-X-hFF6gAAAAQ"]
[Sun Jun 29 20:18:29.240954 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/config.php.bak"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8AAAAAQ"]
[Sun Jun 29 20:18:29.241349 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/config.php.bak"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8AAAAAQ"]
[Sun Jun 29 20:18:29.241568 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/config.php.bak"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8AAAAAQ"]
[Sun Jun 29 20:18:29.299822 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/db.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8gAAAAQ"]
[Sun Jun 29 20:18:29.300177 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/db.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8gAAAAQ"]
[Sun Jun 29 20:18:29.300412 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/db.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF8gAAAAQ"]
[Sun Jun 29 20:18:29.358912 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/debug.log"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9AAAAAQ"]
[Sun Jun 29 20:18:29.359242 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/debug.log"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9AAAAAQ"]
[Sun Jun 29 20:18:29.359486 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/debug.log"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9AAAAAQ"]
[Sun Jun 29 20:18:29.431075 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/dump.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9gAAAAQ"]
[Sun Jun 29 20:18:29.431459 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/dump.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9gAAAAQ"]
[Sun Jun 29 20:18:29.431681 2025] [:error] [pid 2967922] [client 185.177.72.107:32096] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/dump.sql"] [unique_id "aGGDdX3T5w8Ph4-X-hFF9gAAAAQ"]
[Sun Jun 29 20:18:39.009141 2025] [:error] [pid 2967921] [client 185.177.72.107:51366] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/logs/error.log"] [unique_id "aGGDfw5w_kdDrMZHVfsROgAAAAM"]
[Sun Jun 29 20:18:39.009528 2025] [:error] [pid 2967921] [client 185.177.72.107:51366] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/logs/error.log"] [unique_id "aGGDfw5w_kdDrMZHVfsROgAAAAM"]
[Sun Jun 29 20:18:39.009718 2025] [:error] [pid 2967921] [client 185.177.72.107:51366] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/logs/error.log"] [unique_id "aGGDfw5w_kdDrMZHVfsROgAAAAM"]
[Sun Jun 29 20:18:53.869158 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.conf"] [unique_id "aGGDjTOxdet7QOoqVXWWDAAAAAA"]
[Sun Jun 29 20:18:53.869563 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.conf"] [unique_id "aGGDjTOxdet7QOoqVXWWDAAAAAA"]
[Sun Jun 29 20:18:53.869748 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.conf"] [unique_id "aGGDjTOxdet7QOoqVXWWDAAAAAA"]
[Sun Jun 29 20:18:53.892036 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.sql"] [unique_id "aGGDjTOxdet7QOoqVXWWDQAAAAA"]
[Sun Jun 29 20:18:53.892398 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.sql"] [unique_id "aGGDjTOxdet7QOoqVXWWDQAAAAA"]
[Sun Jun 29 20:18:53.892595 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/site.sql"] [unique_id "aGGDjTOxdet7QOoqVXWWDQAAAAA"]
[Sun Jun 29 20:18:53.915396 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php"] [unique_id "aGGDjTOxdet7QOoqVXWWDgAAAAA"]
[Sun Jun 29 20:18:53.915637 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php"] [unique_id "aGGDjTOxdet7QOoqVXWWDgAAAAA"]
[Sun Jun 29 20:18:53.915823 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php"] [unique_id "aGGDjTOxdet7QOoqVXWWDgAAAAA"]
[Sun Jun 29 20:18:53.939673 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php.old"] [unique_id "aGGDjTOxdet7QOoqVXWWDwAAAAA"]
[Sun Jun 29 20:18:53.939835 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php.old"] [unique_id "aGGDjTOxdet7QOoqVXWWDwAAAAA"]
[Sun Jun 29 20:18:53.940066 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php.old"] [unique_id "aGGDjTOxdet7QOoqVXWWDwAAAAA"]
[Sun Jun 29 20:18:53.940241 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/wp-config.php.old"] [unique_id "aGGDjTOxdet7QOoqVXWWDwAAAAA"]
[Sun Jun 29 20:18:54.027242 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aGGDjjOxdet7QOoqVXWWEQAAAAA"]
[Sun Jun 29 20:18:54.027473 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aGGDjjOxdet7QOoqVXWWEQAAAAA"]
[Sun Jun 29 20:18:54.027668 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aGGDjjOxdet7QOoqVXWWEQAAAAA"]
[Sun Jun 29 20:18:54.556159 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aGGDjjOxdet7QOoqVXWWFAAAAAA"]
[Sun Jun 29 20:18:54.556494 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aGGDjjOxdet7QOoqVXWWFAAAAAA"]
[Sun Jun 29 20:18:54.556718 2025] [:error] [pid 2967918] [client 185.177.72.107:14470] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aGGDjjOxdet7QOoqVXWWFAAAAAA"]
[Sun Jun 29 20:19:18.048757 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aGGDpntTxOj9v32ojom56AAAAAE"]
[Sun Jun 29 20:19:18.049061 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aGGDpntTxOj9v32ojom56AAAAAE"]
[Sun Jun 29 20:19:18.049762 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aGGDpntTxOj9v32ojom56AAAAAE"]
[Sun Jun 29 20:19:18.126473 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aGGDpntTxOj9v32ojom56QAAAAE"]
[Sun Jun 29 20:19:18.126823 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aGGDpntTxOj9v32ojom56QAAAAE"]
[Sun Jun 29 20:19:18.127112 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aGGDpntTxOj9v32ojom56QAAAAE"]
[Sun Jun 29 20:19:18.230085 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aGGDpntTxOj9v32ojom57AAAAAE"]
[Sun Jun 29 20:19:18.230327 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aGGDpntTxOj9v32ojom57AAAAAE"]
[Sun Jun 29 20:19:18.230565 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aGGDpntTxOj9v32ojom57AAAAAE"]
[Sun Jun 29 20:19:18.282848 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aGGDpntTxOj9v32ojom57QAAAAE"]
[Sun Jun 29 20:19:18.283200 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aGGDpntTxOj9v32ojom57QAAAAE"]
[Sun Jun 29 20:19:18.283396 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aGGDpntTxOj9v32ojom57QAAAAE"]
[Sun Jun 29 20:19:23.194159 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aGGDq3tTxOj9v32ojom58gAAAAE"]
[Sun Jun 29 20:19:23.194532 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aGGDq3tTxOj9v32ojom58gAAAAE"]
[Sun Jun 29 20:19:23.194753 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aGGDq3tTxOj9v32ojom58gAAAAE"]
[Sun Jun 29 20:19:23.239581 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aGGDq3tTxOj9v32ojom59AAAAAE"]
[Sun Jun 29 20:19:23.240027 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aGGDq3tTxOj9v32ojom59AAAAAE"]
[Sun Jun 29 20:19:23.240313 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aGGDq3tTxOj9v32ojom59AAAAAE"]
[Sun Jun 29 20:19:23.262183 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGGDq3tTxOj9v32ojom59QAAAAE"]
[Sun Jun 29 20:19:23.262430 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGGDq3tTxOj9v32ojom59QAAAAE"]
[Sun Jun 29 20:19:23.262613 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGGDq3tTxOj9v32ojom59QAAAAE"]
[Sun Jun 29 20:19:23.284544 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aGGDq3tTxOj9v32ojom59gAAAAE"]
[Sun Jun 29 20:19:23.284697 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aGGDq3tTxOj9v32ojom59gAAAAE"]
[Sun Jun 29 20:19:23.284926 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aGGDq3tTxOj9v32ojom59gAAAAE"]
[Sun Jun 29 20:19:23.285105 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aGGDq3tTxOj9v32ojom59gAAAAE"]
[Sun Jun 29 20:19:23.321668 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aGGDq3tTxOj9v32ojom59wAAAAE"]
[Sun Jun 29 20:19:23.321933 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aGGDq3tTxOj9v32ojom59wAAAAE"]
[Sun Jun 29 20:19:23.322110 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aGGDq3tTxOj9v32ojom59wAAAAE"]
[Sun Jun 29 20:19:23.390716 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aGGDq3tTxOj9v32ojom5-AAAAAE"]
[Sun Jun 29 20:19:23.390873 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aGGDq3tTxOj9v32ojom5-AAAAAE"]
[Sun Jun 29 20:19:23.391104 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aGGDq3tTxOj9v32ojom5-AAAAAE"]
[Sun Jun 29 20:19:23.391322 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aGGDq3tTxOj9v32ojom5-AAAAAE"]
[Sun Jun 29 20:19:23.413589 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aGGDq3tTxOj9v32ojom5-QAAAAE"]
[Sun Jun 29 20:19:23.413835 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aGGDq3tTxOj9v32ojom5-QAAAAE"]
[Sun Jun 29 20:19:23.414027 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aGGDq3tTxOj9v32ojom5-QAAAAE"]
[Sun Jun 29 20:19:23.436138 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env~"] [unique_id "aGGDq3tTxOj9v32ojom5-gAAAAE"]
[Sun Jun 29 20:19:23.436374 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env~"] [unique_id "aGGDq3tTxOj9v32ojom5-gAAAAE"]
[Sun Jun 29 20:19:23.436558 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env~"] [unique_id "aGGDq3tTxOj9v32ojom5-gAAAAE"]
[Sun Jun 29 20:19:23.458631 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/"] [unique_id "aGGDq3tTxOj9v32ojom5-wAAAAE"]
[Sun Jun 29 20:19:23.458915 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/"] [unique_id "aGGDq3tTxOj9v32ojom5-wAAAAE"]
[Sun Jun 29 20:19:23.459127 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/"] [unique_id "aGGDq3tTxOj9v32ojom5-wAAAAE"]
[Sun Jun 29 20:19:27.923331 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_AAAAAE"]
[Sun Jun 29 20:19:27.923578 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_AAAAAE"]
[Sun Jun 29 20:19:27.923824 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_AAAAAE"]
[Sun Jun 29 20:19:27.945628 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "aGGDr3tTxOj9v32ojom5_QAAAAE"]
[Sun Jun 29 20:19:27.945873 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "aGGDr3tTxOj9v32ojom5_QAAAAE"]
[Sun Jun 29 20:19:27.946062 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/config"] [unique_id "aGGDr3tTxOj9v32ojom5_QAAAAE"]
[Sun Jun 29 20:19:27.968303 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /config/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/logs/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_gAAAAE"]
[Sun Jun 29 20:19:27.968551 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/logs/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_gAAAAE"]
[Sun Jun 29 20:19:27.968745 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.git/logs/HEAD"] [unique_id "aGGDr3tTxOj9v32ojom5_gAAAAE"]
[Sun Jun 29 20:19:27.990827 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /config/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.gitignore"] [unique_id "aGGDr3tTxOj9v32ojom5_wAAAAE"]
[Sun Jun 29 20:19:27.991087 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.gitignore"] [unique_id "aGGDr3tTxOj9v32ojom5_wAAAAE"]
[Sun Jun 29 20:19:27.991278 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.gitignore"] [unique_id "aGGDr3tTxOj9v32ojom5_wAAAAE"]
[Sun Jun 29 20:19:28.013245 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /config/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aGGDsHtTxOj9v32ojom6AAAAAAE"]
[Sun Jun 29 20:19:28.013489 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aGGDsHtTxOj9v32ojom6AAAAAAE"]
[Sun Jun 29 20:19:28.013674 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aGGDsHtTxOj9v32ojom6AAAAAAE"]
[Sun Jun 29 20:19:28.035620 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /config/.htpasswd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aGGDsHtTxOj9v32ojom6AQAAAAE"]
[Sun Jun 29 20:19:28.035867 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aGGDsHtTxOj9v32ojom6AQAAAAE"]
[Sun Jun 29 20:19:28.036046 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aGGDsHtTxOj9v32ojom6AQAAAAE"]
[Sun Jun 29 20:19:28.058518 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/access.log"] [unique_id "aGGDsHtTxOj9v32ojom6AgAAAAE"]
[Sun Jun 29 20:19:28.058892 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/access.log"] [unique_id "aGGDsHtTxOj9v32ojom6AgAAAAE"]
[Sun Jun 29 20:19:28.059081 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/access.log"] [unique_id "aGGDsHtTxOj9v32ojom6AgAAAAE"]
[Sun Jun 29 20:19:28.103970 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/app.js.bak"] [unique_id "aGGDsHtTxOj9v32ojom6BAAAAAE"]
[Sun Jun 29 20:19:28.104316 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/app.js.bak"] [unique_id "aGGDsHtTxOj9v32ojom6BAAAAAE"]
[Sun Jun 29 20:19:28.104503 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/app.js.bak"] [unique_id "aGGDsHtTxOj9v32ojom6BAAAAAE"]
[Sun Jun 29 20:19:32.944092 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/backup.sql"] [unique_id "aGGDtHtTxOj9v32ojom6CwAAAAE"]
[Sun Jun 29 20:19:32.944440 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/backup.sql"] [unique_id "aGGDtHtTxOj9v32ojom6CwAAAAE"]
[Sun Jun 29 20:19:32.944623 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/backup.sql"] [unique_id "aGGDtHtTxOj9v32ojom6CwAAAAE"]
[Sun Jun 29 20:19:33.143480 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.php.bak"] [unique_id "aGGDtXtTxOj9v32ojom6EgAAAAE"]
[Sun Jun 29 20:19:33.143815 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.php.bak"] [unique_id "aGGDtXtTxOj9v32ojom6EgAAAAE"]
[Sun Jun 29 20:19:33.144015 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.php.bak"] [unique_id "aGGDtXtTxOj9v32ojom6EgAAAAE"]
[Sun Jun 29 20:19:33.180710 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aGGDtXtTxOj9v32ojom6EwAAAAE"]
[Sun Jun 29 20:19:33.180954 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aGGDtXtTxOj9v32ojom6EwAAAAE"]
[Sun Jun 29 20:19:33.181159 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aGGDtXtTxOj9v32ojom6EwAAAAE"]
[Sun Jun 29 20:19:38.177455 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/db.sql"] [unique_id "aGGDuntTxOj9v32ojom6FgAAAAE"]
[Sun Jun 29 20:19:38.177794 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/db.sql"] [unique_id "aGGDuntTxOj9v32ojom6FgAAAAE"]
[Sun Jun 29 20:19:38.177969 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/db.sql"] [unique_id "aGGDuntTxOj9v32ojom6FgAAAAE"]
[Sun Jun 29 20:19:38.222968 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/debug.log"] [unique_id "aGGDuntTxOj9v32ojom6GAAAAAE"]
[Sun Jun 29 20:19:38.223325 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/debug.log"] [unique_id "aGGDuntTxOj9v32ojom6GAAAAAE"]
[Sun Jun 29 20:19:38.223550 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/debug.log"] [unique_id "aGGDuntTxOj9v32ojom6GAAAAAE"]
[Sun Jun 29 20:19:38.297693 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/dump.sql"] [unique_id "aGGDuntTxOj9v32ojom6GwAAAAE"]
[Sun Jun 29 20:19:38.298087 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/dump.sql"] [unique_id "aGGDuntTxOj9v32ojom6GwAAAAE"]
[Sun Jun 29 20:19:38.298292 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/dump.sql"] [unique_id "aGGDuntTxOj9v32ojom6GwAAAAE"]
[Sun Jun 29 20:19:42.280888 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/error.log"] [unique_id "aGGDvntTxOj9v32ojom6HQAAAAE"]
[Sun Jun 29 20:19:42.281257 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/error.log"] [unique_id "aGGDvntTxOj9v32ojom6HQAAAAE"]
[Sun Jun 29 20:19:42.281470 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/error.log"] [unique_id "aGGDvntTxOj9v32ojom6HQAAAAE"]
[Sun Jun 29 20:19:42.372522 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/logs/error.log"] [unique_id "aGGDvntTxOj9v32ojom6IQAAAAE"]
[Sun Jun 29 20:19:42.372861 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/logs/error.log"] [unique_id "aGGDvntTxOj9v32ojom6IQAAAAE"]
[Sun Jun 29 20:19:42.373048 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/logs/error.log"] [unique_id "aGGDvntTxOj9v32ojom6IQAAAAE"]
[Sun Jun 29 20:19:42.625508 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aGGDvntTxOj9v32ojom6JwAAAAE"]
[Sun Jun 29 20:19:42.625760 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aGGDvntTxOj9v32ojom6JwAAAAE"]
[Sun Jun 29 20:19:42.625948 2025] [:error] [pid 2967919] [client 185.177.72.107:37044] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aGGDvntTxOj9v32ojom6JwAAAAE"]
[Sun Jun 29 20:19:55.666440 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.conf"] [unique_id "aGGDy3N4YZunzJSJCzJ6bAAAAAY"]
[Sun Jun 29 20:19:55.666797 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.conf"] [unique_id "aGGDy3N4YZunzJSJCzJ6bAAAAAY"]
[Sun Jun 29 20:19:55.666983 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.conf"] [unique_id "aGGDy3N4YZunzJSJCzJ6bAAAAAY"]
[Sun Jun 29 20:19:55.687125 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.sql"] [unique_id "aGGDy3N4YZunzJSJCzJ6bQAAAAY"]
[Sun Jun 29 20:19:55.687492 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.sql"] [unique_id "aGGDy3N4YZunzJSJCzJ6bQAAAAY"]
[Sun Jun 29 20:19:55.687672 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/site.sql"] [unique_id "aGGDy3N4YZunzJSJCzJ6bQAAAAY"]
[Sun Jun 29 20:20:00.424680 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /config/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php"] [unique_id "aGGD0HN4YZunzJSJCzJ6cQAAAAY"]
[Sun Jun 29 20:20:00.424941 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php"] [unique_id "aGGD0HN4YZunzJSJCzJ6cQAAAAY"]
[Sun Jun 29 20:20:00.425125 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php"] [unique_id "aGGD0HN4YZunzJSJCzJ6cQAAAAY"]
[Sun Jun 29 20:20:00.445214 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6cgAAAAY"]
[Sun Jun 29 20:20:00.445373 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /config/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6cgAAAAY"]
[Sun Jun 29 20:20:00.445591 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6cgAAAAY"]
[Sun Jun 29 20:20:00.445766 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/wp-config.php.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6cgAAAAY"]
[Sun Jun 29 20:20:00.635537 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGGD0HN4YZunzJSJCzJ6ewAAAAY"]
[Sun Jun 29 20:20:00.635780 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGGD0HN4YZunzJSJCzJ6ewAAAAY"]
[Sun Jun 29 20:20:00.635952 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aGGD0HN4YZunzJSJCzJ6ewAAAAY"]
[Sun Jun 29 20:20:00.710317 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aGGD0HN4YZunzJSJCzJ6fAAAAAY"]
[Sun Jun 29 20:20:00.710493 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aGGD0HN4YZunzJSJCzJ6fAAAAAY"]
[Sun Jun 29 20:20:00.710782 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aGGD0HN4YZunzJSJCzJ6fAAAAAY"]
[Sun Jun 29 20:20:00.710968 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aGGD0HN4YZunzJSJCzJ6fAAAAAY"]
[Sun Jun 29 20:20:00.734317 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.local"] [unique_id "aGGD0HN4YZunzJSJCzJ6fQAAAAY"]
[Sun Jun 29 20:20:00.734626 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.local"] [unique_id "aGGD0HN4YZunzJSJCzJ6fQAAAAY"]
[Sun Jun 29 20:20:00.734810 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.local"] [unique_id "aGGD0HN4YZunzJSJCzJ6fQAAAAY"]
[Sun Jun 29 20:20:00.780799 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6fgAAAAY"]
[Sun Jun 29 20:20:00.780958 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6fgAAAAY"]
[Sun Jun 29 20:20:00.781189 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6fgAAAAY"]
[Sun Jun 29 20:20:00.781376 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aGGD0HN4YZunzJSJCzJ6fgAAAAY"]
[Sun Jun 29 20:20:05.198768 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aGGD1XN4YZunzJSJCzJ6fwAAAAY"]
[Sun Jun 29 20:20:05.199020 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aGGD1XN4YZunzJSJCzJ6fwAAAAY"]
[Sun Jun 29 20:20:05.199227 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aGGD1XN4YZunzJSJCzJ6fwAAAAY"]
[Sun Jun 29 20:20:10.089960 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env~"] [unique_id "aGGD2nN4YZunzJSJCzJ6gAAAAAY"]
[Sun Jun 29 20:20:10.090234 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env~"] [unique_id "aGGD2nN4YZunzJSJCzJ6gAAAAAY"]
[Sun Jun 29 20:20:10.090471 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env~"] [unique_id "aGGD2nN4YZunzJSJCzJ6gAAAAAY"]
[Sun Jun 29 20:20:10.112356 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/"] [unique_id "aGGD2nN4YZunzJSJCzJ6gQAAAAY"]
[Sun Jun 29 20:20:10.112605 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/"] [unique_id "aGGD2nN4YZunzJSJCzJ6gQAAAAY"]
[Sun Jun 29 20:20:10.112793 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/"] [unique_id "aGGD2nN4YZunzJSJCzJ6gQAAAAY"]
[Sun Jun 29 20:20:10.133427 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/HEAD"] [unique_id "aGGD2nN4YZunzJSJCzJ6ggAAAAY"]
[Sun Jun 29 20:20:10.133682 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/HEAD"] [unique_id "aGGD2nN4YZunzJSJCzJ6ggAAAAY"]
[Sun Jun 29 20:20:10.133870 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/HEAD"] [unique_id "aGGD2nN4YZunzJSJCzJ6ggAAAAY"]
[Sun Jun 29 20:20:14.989780 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "aGGD3nN4YZunzJSJCzJ6gwAAAAY"]
[Sun Jun 29 20:20:14.990054 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "aGGD3nN4YZunzJSJCzJ6gwAAAAY"]
[Sun Jun 29 20:20:14.990275 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/config"] [unique_id "aGGD3nN4YZunzJSJCzJ6gwAAAAY"]
[Sun Jun 29 20:20:15.010444 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /core/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/logs/HEAD"] [unique_id "aGGD33N4YZunzJSJCzJ6hAAAAAY"]
[Sun Jun 29 20:20:15.010697 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/logs/HEAD"] [unique_id "aGGD33N4YZunzJSJCzJ6hAAAAAY"]
[Sun Jun 29 20:20:15.010888 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.git/logs/HEAD"] [unique_id "aGGD33N4YZunzJSJCzJ6hAAAAAY"]
[Sun Jun 29 20:20:15.031103 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /core/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.gitignore"] [unique_id "aGGD33N4YZunzJSJCzJ6hQAAAAY"]
[Sun Jun 29 20:20:15.031362 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.gitignore"] [unique_id "aGGD33N4YZunzJSJCzJ6hQAAAAY"]
[Sun Jun 29 20:20:15.031555 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.gitignore"] [unique_id "aGGD33N4YZunzJSJCzJ6hQAAAAY"]
[Sun Jun 29 20:20:15.051580 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/access.log"] [unique_id "aGGD33N4YZunzJSJCzJ6hgAAAAY"]
[Sun Jun 29 20:20:15.051933 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/access.log"] [unique_id "aGGD33N4YZunzJSJCzJ6hgAAAAY"]
[Sun Jun 29 20:20:15.052123 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/access.log"] [unique_id "aGGD33N4YZunzJSJCzJ6hgAAAAY"]
[Sun Jun 29 20:20:15.093268 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app.js.bak"] [unique_id "aGGD33N4YZunzJSJCzJ6iAAAAAY"]
[Sun Jun 29 20:20:15.093627 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app.js.bak"] [unique_id "aGGD33N4YZunzJSJCzJ6iAAAAAY"]
[Sun Jun 29 20:20:15.093817 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app.js.bak"] [unique_id "aGGD33N4YZunzJSJCzJ6iAAAAAY"]
[Sun Jun 29 20:20:15.113842 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/backup.sql"] [unique_id "aGGD33N4YZunzJSJCzJ6iQAAAAY"]
[Sun Jun 29 20:20:15.114200 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/backup.sql"] [unique_id "aGGD33N4YZunzJSJCzJ6iQAAAAY"]
[Sun Jun 29 20:20:15.114406 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/backup.sql"] [unique_id "aGGD33N4YZunzJSJCzJ6iQAAAAY"]
[Sun Jun 29 20:20:20.053789 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.php.bak"] [unique_id "aGGD5HN4YZunzJSJCzJ6jwAAAAY"]
[Sun Jun 29 20:20:20.054141 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.php.bak"] [unique_id "aGGD5HN4YZunzJSJCzJ6jwAAAAY"]
[Sun Jun 29 20:20:20.054329 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.php.bak"] [unique_id "aGGD5HN4YZunzJSJCzJ6jwAAAAY"]
[Sun Jun 29 20:20:20.095546 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/db.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6kQAAAAY"]
[Sun Jun 29 20:20:20.095894 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/db.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6kQAAAAY"]
[Sun Jun 29 20:20:20.096096 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/db.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6kQAAAAY"]
[Sun Jun 29 20:20:20.137363 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/debug.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6kwAAAAY"]
[Sun Jun 29 20:20:20.137689 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/debug.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6kwAAAAY"]
[Sun Jun 29 20:20:20.137864 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/debug.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6kwAAAAY"]
[Sun Jun 29 20:20:20.178899 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/dump.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6lQAAAAY"]
[Sun Jun 29 20:20:20.179249 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/dump.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6lQAAAAY"]
[Sun Jun 29 20:20:20.179455 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/dump.sql"] [unique_id "aGGD5HN4YZunzJSJCzJ6lQAAAAY"]
[Sun Jun 29 20:20:20.220743 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6lwAAAAY"]
[Sun Jun 29 20:20:20.221115 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6lwAAAAY"]
[Sun Jun 29 20:20:20.221302 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6lwAAAAY"]
[Sun Jun 29 20:20:20.286930 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/logs/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6mgAAAAY"]
[Sun Jun 29 20:20:20.287309 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/logs/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6mgAAAAY"]
[Sun Jun 29 20:20:20.287506 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/logs/error.log"] [unique_id "aGGD5HN4YZunzJSJCzJ6mgAAAAY"]
[Sun Jun 29 20:20:24.562153 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.conf"] [unique_id "aGGD6HN4YZunzJSJCzJ6nwAAAAY"]
[Sun Jun 29 20:20:24.562528 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.conf"] [unique_id "aGGD6HN4YZunzJSJCzJ6nwAAAAY"]
[Sun Jun 29 20:20:24.562707 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.conf"] [unique_id "aGGD6HN4YZunzJSJCzJ6nwAAAAY"]
[Sun Jun 29 20:20:24.582651 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.sql"] [unique_id "aGGD6HN4YZunzJSJCzJ6oAAAAAY"]
[Sun Jun 29 20:20:24.583010 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.sql"] [unique_id "aGGD6HN4YZunzJSJCzJ6oAAAAAY"]
[Sun Jun 29 20:20:24.583182 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/site.sql"] [unique_id "aGGD6HN4YZunzJSJCzJ6oAAAAAY"]
[Sun Jun 29 20:20:24.677196 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /core/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php"] [unique_id "aGGD6HN4YZunzJSJCzJ6oQAAAAY"]
[Sun Jun 29 20:20:24.677429 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php"] [unique_id "aGGD6HN4YZunzJSJCzJ6oQAAAAY"]
[Sun Jun 29 20:20:24.677605 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php"] [unique_id "aGGD6HN4YZunzJSJCzJ6oQAAAAY"]
[Sun Jun 29 20:20:24.699570 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php.old"] [unique_id "aGGD6HN4YZunzJSJCzJ6ogAAAAY"]
[Sun Jun 29 20:20:24.699748 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /core/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php.old"] [unique_id "aGGD6HN4YZunzJSJCzJ6ogAAAAY"]
[Sun Jun 29 20:20:24.699985 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php.old"] [unique_id "aGGD6HN4YZunzJSJCzJ6ogAAAAY"]
[Sun Jun 29 20:20:24.700164 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/wp-config.php.old"] [unique_id "aGGD6HN4YZunzJSJCzJ6ogAAAAY"]
[Sun Jun 29 20:20:29.436516 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6owAAAAY"]
[Sun Jun 29 20:20:29.436751 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6owAAAAY"]
[Sun Jun 29 20:20:29.436954 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6owAAAAY"]
[Sun Jun 29 20:20:29.457167 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pAAAAAY"]
[Sun Jun 29 20:20:29.457414 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pAAAAAY"]
[Sun Jun 29 20:20:29.457595 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pAAAAAY"]
[Sun Jun 29 20:20:29.520316 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pwAAAAY"]
[Sun Jun 29 20:20:29.520576 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pwAAAAY"]
[Sun Jun 29 20:20:29.521434 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aGGD7XN4YZunzJSJCzJ6pwAAAAY"]
[Sun Jun 29 20:20:29.562389 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6qQAAAAY"]
[Sun Jun 29 20:20:29.562721 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6qQAAAAY"]
[Sun Jun 29 20:20:29.562888 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6qQAAAAY"]
[Sun Jun 29 20:20:29.628895 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGGD7XN4YZunzJSJCzJ6qwAAAAY"]
[Sun Jun 29 20:20:29.629232 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGGD7XN4YZunzJSJCzJ6qwAAAAY"]
[Sun Jun 29 20:20:29.629419 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGGD7XN4YZunzJSJCzJ6qwAAAAY"]
[Sun Jun 29 20:20:29.666239 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6rAAAAAY"]
[Sun Jun 29 20:20:29.666605 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6rAAAAAY"]
[Sun Jun 29 20:20:29.666804 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.bak"] [unique_id "aGGD7XN4YZunzJSJCzJ6rAAAAAY"]
[Sun Jun 29 20:20:34.558874 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6rwAAAAY"]
[Sun Jun 29 20:20:34.559232 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6rwAAAAY"]
[Sun Jun 29 20:20:34.559895 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6rwAAAAY"]
[Sun Jun 29 20:20:34.580055 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6sAAAAAY"]
[Sun Jun 29 20:20:34.580294 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6sAAAAAY"]
[Sun Jun 29 20:20:34.580471 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6sAAAAAY"]
[Sun Jun 29 20:20:34.621585 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6sgAAAAY"]
[Sun Jun 29 20:20:34.621944 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6sgAAAAY"]
[Sun Jun 29 20:20:34.622131 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aGGD8nN4YZunzJSJCzJ6sgAAAAY"]
[Sun Jun 29 20:20:34.663647 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGGD8nN4YZunzJSJCzJ6tAAAAAY"]
[Sun Jun 29 20:20:34.663980 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGGD8nN4YZunzJSJCzJ6tAAAAAY"]
[Sun Jun 29 20:20:34.664151 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGGD8nN4YZunzJSJCzJ6tAAAAAY"]
[Sun Jun 29 20:20:34.746064 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:target. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:target: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aGGD8nN4YZunzJSJCzJ6twAAAAY"]
[Sun Jun 29 20:20:34.746555 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aGGD8nN4YZunzJSJCzJ6twAAAAY"]
[Sun Jun 29 20:20:34.746749 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aGGD8nN4YZunzJSJCzJ6twAAAAY"]
[Sun Jun 29 20:20:34.807786 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6uAAAAAY"]
[Sun Jun 29 20:20:34.808027 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6uAAAAAY"]
[Sun Jun 29 20:20:34.808230 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aGGD8nN4YZunzJSJCzJ6uAAAAAY"]
[Sun Jun 29 20:20:39.528065 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aGGD93N4YZunzJSJCzJ6ugAAAAY"]
[Sun Jun 29 20:20:39.528532 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aGGD93N4YZunzJSJCzJ6ugAAAAY"]
[Sun Jun 29 20:20:39.528796 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aGGD93N4YZunzJSJCzJ6ugAAAAY"]
[Sun Jun 29 20:20:39.612649 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6vgAAAAY"]
[Sun Jun 29 20:20:39.612886 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6vgAAAAY"]
[Sun Jun 29 20:20:39.613063 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6vgAAAAY"]
[Sun Jun 29 20:20:39.795911 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6wQAAAAY"]
[Sun Jun 29 20:20:39.796159 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6wQAAAAY"]
[Sun Jun 29 20:20:39.796358 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aGGD93N4YZunzJSJCzJ6wQAAAAY"]
[Sun Jun 29 20:20:44.671949 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aGGD_HN4YZunzJSJCzJ6wgAAAAY"]
[Sun Jun 29 20:20:44.672216 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aGGD_HN4YZunzJSJCzJ6wgAAAAY"]
[Sun Jun 29 20:20:44.673186 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aGGD_HN4YZunzJSJCzJ6wgAAAAY"]
[Sun Jun 29 20:20:44.693262 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.bak"] [unique_id "aGGD_HN4YZunzJSJCzJ6wwAAAAY"]
[Sun Jun 29 20:20:44.693625 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.bak"] [unique_id "aGGD_HN4YZunzJSJCzJ6wwAAAAY"]
[Sun Jun 29 20:20:44.693805 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.bak"] [unique_id "aGGD_HN4YZunzJSJCzJ6wwAAAAY"]
[Sun Jun 29 20:20:44.713901 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGGD_HN4YZunzJSJCzJ6xAAAAAY"]
[Sun Jun 29 20:20:44.714238 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGGD_HN4YZunzJSJCzJ6xAAAAAY"]
[Sun Jun 29 20:20:44.714485 2025] [:error] [pid 3059540] [client 185.177.72.107:29322] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGGD_HN4YZunzJSJCzJ6xAAAAAY"]
[Sun Jun 29 20:20:59.245320 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aGGECw5w_kdDrMZHVfsRPgAAAAM"]
[Sun Jun 29 20:20:59.245687 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aGGECw5w_kdDrMZHVfsRPgAAAAM"]
[Sun Jun 29 20:20:59.245868 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aGGECw5w_kdDrMZHVfsRPgAAAAM"]
[Sun Jun 29 20:20:59.678532 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aGGECw5w_kdDrMZHVfsRQQAAAAM"]
[Sun Jun 29 20:20:59.678767 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aGGECw5w_kdDrMZHVfsRQQAAAAM"]
[Sun Jun 29 20:20:59.678956 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aGGECw5w_kdDrMZHVfsRQQAAAAM"]
[Sun Jun 29 20:20:59.842218 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGGECw5w_kdDrMZHVfsRQgAAAAM"]
[Sun Jun 29 20:20:59.842673 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGGECw5w_kdDrMZHVfsRQgAAAAM"]
[Sun Jun 29 20:20:59.842876 2025] [:error] [pid 2967921] [client 185.177.72.107:42154] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGGECw5w_kdDrMZHVfsRQgAAAAM"]
[Sun Jun 29 20:21:23.239345 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /hidden/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aGGEIzOxdet7QOoqVXWWJgAAAAA"]
[Sun Jun 29 20:21:23.239632 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aGGEIzOxdet7QOoqVXWWJgAAAAA"]
[Sun Jun 29 20:21:23.239832 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aGGEIzOxdet7QOoqVXWWJgAAAAA"]
[Sun Jun 29 20:21:23.259962 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /hidden/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aGGEIzOxdet7QOoqVXWWJwAAAAA"]
[Sun Jun 29 20:21:23.260211 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aGGEIzOxdet7QOoqVXWWJwAAAAA"]
[Sun Jun 29 20:21:23.260407 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aGGEIzOxdet7QOoqVXWWJwAAAAA"]
[Sun Jun 29 20:21:23.280465 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hidden/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aGGEIzOxdet7QOoqVXWWKAAAAAA"]
[Sun Jun 29 20:21:23.280705 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aGGEIzOxdet7QOoqVXWWKAAAAAA"]
[Sun Jun 29 20:21:23.280914 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aGGEIzOxdet7QOoqVXWWKAAAAAA"]
[Sun Jun 29 20:21:28.627137 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aGGEKDOxdet7QOoqVXWWNwAAAAA"]
[Sun Jun 29 20:21:28.627555 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aGGEKDOxdet7QOoqVXWWNwAAAAA"]
[Sun Jun 29 20:21:28.627752 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aGGEKDOxdet7QOoqVXWWNwAAAAA"]
[Sun Jun 29 20:21:37.519990 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWPgAAAAA"]
[Sun Jun 29 20:21:37.520255 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWPgAAAAA"]
[Sun Jun 29 20:21:37.520456 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWPgAAAAA"]
[Sun Jun 29 20:21:37.626224 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWQwAAAAA"]
[Sun Jun 29 20:21:37.626477 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWQwAAAAA"]
[Sun Jun 29 20:21:37.626664 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWQwAAAAA"]
[Sun Jun 29 20:21:37.815165 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTAAAAAA"]
[Sun Jun 29 20:21:37.815409 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTAAAAAA"]
[Sun Jun 29 20:21:37.815605 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTAAAAAA"]
[Sun Jun 29 20:21:37.878164 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTwAAAAA"]
[Sun Jun 29 20:21:37.878426 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTwAAAAA"]
[Sun Jun 29 20:21:37.878625 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aGGEMTOxdet7QOoqVXWWTwAAAAA"]
[Sun Jun 29 20:21:38.043712 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aGGEMjOxdet7QOoqVXWWUgAAAAA"]
[Sun Jun 29 20:21:38.043946 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aGGEMjOxdet7QOoqVXWWUgAAAAA"]
[Sun Jun 29 20:21:38.044147 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aGGEMjOxdet7QOoqVXWWUgAAAAA"]
[Sun Jun 29 20:21:42.932223 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aGGENjOxdet7QOoqVXWWUwAAAAA"]
[Sun Jun 29 20:21:42.932458 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aGGENjOxdet7QOoqVXWWUwAAAAA"]
[Sun Jun 29 20:21:42.932670 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aGGENjOxdet7QOoqVXWWUwAAAAA"]
[Sun Jun 29 20:21:43.089473 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aGGENzOxdet7QOoqVXWWWQAAAAA"]
[Sun Jun 29 20:21:43.089718 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aGGENzOxdet7QOoqVXWWWQAAAAA"]
[Sun Jun 29 20:21:43.089916 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aGGENzOxdet7QOoqVXWWWQAAAAA"]
[Sun Jun 29 20:21:48.070952 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXgAAAAA"]
[Sun Jun 29 20:21:48.072124 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXgAAAAA"]
[Sun Jun 29 20:21:48.072344 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXgAAAAA"]
[Sun Jun 29 20:21:48.092281 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXwAAAAA"]
[Sun Jun 29 20:21:48.092627 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXwAAAAA"]
[Sun Jun 29 20:21:48.092814 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aGGEPDOxdet7QOoqVXWWXwAAAAA"]
[Sun Jun 29 20:21:48.155249 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYgAAAAA"]
[Sun Jun 29 20:21:48.155489 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYgAAAAA"]
[Sun Jun 29 20:21:48.155688 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYgAAAAA"]
[Sun Jun 29 20:21:48.176204 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYwAAAAA"]
[Sun Jun 29 20:21:48.176442 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYwAAAAA"]
[Sun Jun 29 20:21:48.176645 2025] [:error] [pid 2967918] [client 185.177.72.107:53542] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aGGEPDOxdet7QOoqVXWWYwAAAAA"]
[Sun Jun 29 20:21:56.745327 2025] [:error] [pid 3205368] [client 185.177.72.107:38838] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aGGERPU4kcQDYAJF_ch7EgAAAAo"]
[Sun Jun 29 20:21:56.745563 2025] [:error] [pid 3205368] [client 185.177.72.107:38838] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aGGERPU4kcQDYAJF_ch7EgAAAAo"]
[Sun Jun 29 20:21:56.745734 2025] [:error] [pid 3205368] [client 185.177.72.107:38838] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aGGERPU4kcQDYAJF_ch7EgAAAAo"]
[Sun Jun 29 20:22:20.805427 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aGGEXOU-dj-hWt1UAd7gjQAAAAU"]
[Sun Jun 29 20:22:20.805781 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aGGEXOU-dj-hWt1UAd7gjQAAAAU"]
[Sun Jun 29 20:22:20.805973 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aGGEXOU-dj-hWt1UAd7gjQAAAAU"]
[Sun Jun 29 20:22:25.478172 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".my.cnf" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .my.cnf found within REQUEST_FILENAME: /mysql/.my.cnf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql/.my.cnf"] [unique_id "aGGEYeU-dj-hWt1UAd7gjgAAAAU"]
[Sun Jun 29 20:22:25.478465 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql/.my.cnf"] [unique_id "aGGEYeU-dj-hWt1UAd7gjgAAAAU"]
[Sun Jun 29 20:22:25.479392 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql/.my.cnf"] [unique_id "aGGEYeU-dj-hWt1UAd7gjgAAAAU"]
[Sun Jun 29 20:22:25.501107 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/mysqldump.sql"] [unique_id "aGGEYeU-dj-hWt1UAd7gjwAAAAU"]
[Sun Jun 29 20:22:25.501460 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysqldump.sql"] [unique_id "aGGEYeU-dj-hWt1UAd7gjwAAAAU"]
[Sun Jun 29 20:22:25.501655 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysqldump.sql"] [unique_id "aGGEYeU-dj-hWt1UAd7gjwAAAAU"]
[Sun Jun 29 20:22:25.546630 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gkQAAAAU"]
[Sun Jun 29 20:22:25.546942 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gkQAAAAU"]
[Sun Jun 29 20:22:25.547169 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gkQAAAAU"]
[Sun Jun 29 20:22:25.568981 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aGGEYeU-dj-hWt1UAd7gkgAAAAU"]
[Sun Jun 29 20:22:25.569217 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aGGEYeU-dj-hWt1UAd7gkgAAAAU"]
[Sun Jun 29 20:22:25.569419 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aGGEYeU-dj-hWt1UAd7gkgAAAAU"]
[Sun Jun 29 20:22:25.591361 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aGGEYeU-dj-hWt1UAd7gkwAAAAU"]
[Sun Jun 29 20:22:25.591607 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aGGEYeU-dj-hWt1UAd7gkwAAAAU"]
[Sun Jun 29 20:22:25.591802 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aGGEYeU-dj-hWt1UAd7gkwAAAAU"]
[Sun Jun 29 20:22:25.613807 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aGGEYeU-dj-hWt1UAd7glAAAAAU"]
[Sun Jun 29 20:22:25.614061 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aGGEYeU-dj-hWt1UAd7glAAAAAU"]
[Sun Jun 29 20:22:25.614259 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aGGEYeU-dj-hWt1UAd7glAAAAAU"]
[Sun Jun 29 20:22:25.636652 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aGGEYeU-dj-hWt1UAd7glQAAAAU"]
[Sun Jun 29 20:22:25.636982 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aGGEYeU-dj-hWt1UAd7glQAAAAU"]
[Sun Jun 29 20:22:25.637160 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aGGEYeU-dj-hWt1UAd7glQAAAAU"]
[Sun Jun 29 20:22:25.659215 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7glgAAAAU"]
[Sun Jun 29 20:22:25.659475 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7glgAAAAU"]
[Sun Jun 29 20:22:25.659693 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7glgAAAAU"]
[Sun Jun 29 20:22:25.683813 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aGGEYeU-dj-hWt1UAd7glwAAAAU"]
[Sun Jun 29 20:22:25.684133 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aGGEYeU-dj-hWt1UAd7glwAAAAU"]
[Sun Jun 29 20:22:25.684448 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aGGEYeU-dj-hWt1UAd7glwAAAAU"]
[Sun Jun 29 20:22:25.726785 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmAAAAAU"]
[Sun Jun 29 20:22:25.727033 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmAAAAAU"]
[Sun Jun 29 20:22:25.727248 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmAAAAAU"]
[Sun Jun 29 20:22:25.764495 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmQAAAAU"]
[Sun Jun 29 20:22:25.764756 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmQAAAAU"]
[Sun Jun 29 20:22:25.764951 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aGGEYeU-dj-hWt1UAd7gmQAAAAU"]
[Sun Jun 29 20:22:25.820680 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aGGEYeU-dj-hWt1UAd7gmwAAAAU"]
[Sun Jun 29 20:22:25.821207 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aGGEYeU-dj-hWt1UAd7gmwAAAAU"]
[Sun Jun 29 20:22:25.821485 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aGGEYeU-dj-hWt1UAd7gmwAAAAU"]
[Sun Jun 29 20:22:30.661000 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aGGEZuU-dj-hWt1UAd7gnAAAAAU"]
[Sun Jun 29 20:22:30.661267 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aGGEZuU-dj-hWt1UAd7gnAAAAAU"]
[Sun Jun 29 20:22:30.662284 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aGGEZuU-dj-hWt1UAd7gnAAAAAU"]
[Sun Jun 29 20:22:30.706956 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/pg_dump.sql"] [unique_id "aGGEZuU-dj-hWt1UAd7gngAAAAU"]
[Sun Jun 29 20:22:30.707320 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pg_dump.sql"] [unique_id "aGGEZuU-dj-hWt1UAd7gngAAAAU"]
[Sun Jun 29 20:22:30.707516 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pg_dump.sql"] [unique_id "aGGEZuU-dj-hWt1UAd7gngAAAAU"]
[Sun Jun 29 20:22:30.776943 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aGGEZuU-dj-hWt1UAd7goQAAAAU"]
[Sun Jun 29 20:22:30.777011 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aGGEZuU-dj-hWt1UAd7goQAAAAU"]
[Sun Jun 29 20:22:30.777051 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aGGEZuU-dj-hWt1UAd7goQAAAAU"]
[Sun Jun 29 20:22:30.777866 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aGGEZuU-dj-hWt1UAd7goQAAAAU"]
[Sun Jun 29 20:22:30.778071 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aGGEZuU-dj-hWt1UAd7goQAAAAU"]
[Sun Jun 29 20:22:30.848230 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gogAAAAU"]
[Sun Jun 29 20:22:30.848475 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gogAAAAU"]
[Sun Jun 29 20:22:30.848668 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gogAAAAU"]
[Sun Jun 29 20:22:30.871675 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gowAAAAU"]
[Sun Jun 29 20:22:30.871925 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gowAAAAU"]
[Sun Jun 29 20:22:30.872144 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aGGEZuU-dj-hWt1UAd7gowAAAAU"]
[Sun Jun 29 20:22:35.796386 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gpwAAAAU"]
[Sun Jun 29 20:22:35.796625 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gpwAAAAU"]
[Sun Jun 29 20:22:35.796812 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gpwAAAAU"]
[Sun Jun 29 20:22:35.818915 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /public/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aGGEa-U-dj-hWt1UAd7gqAAAAAU"]
[Sun Jun 29 20:22:35.819183 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aGGEa-U-dj-hWt1UAd7gqAAAAAU"]
[Sun Jun 29 20:22:35.819373 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aGGEa-U-dj-hWt1UAd7gqAAAAAU"]
[Sun Jun 29 20:22:35.841363 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /public/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aGGEa-U-dj-hWt1UAd7gqQAAAAU"]
[Sun Jun 29 20:22:35.841661 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aGGEa-U-dj-hWt1UAd7gqQAAAAU"]
[Sun Jun 29 20:22:35.841890 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aGGEa-U-dj-hWt1UAd7gqQAAAAU"]
[Sun Jun 29 20:22:35.888122 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gqwAAAAU"]
[Sun Jun 29 20:22:35.888377 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gqwAAAAU"]
[Sun Jun 29 20:22:35.888600 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aGGEa-U-dj-hWt1UAd7gqwAAAAU"]
[Sun Jun 29 20:22:40.823734 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsQAAAAU"]
[Sun Jun 29 20:22:40.824075 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsQAAAAU"]
[Sun Jun 29 20:22:40.824269 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsQAAAAU"]
[Sun Jun 29 20:22:40.846018 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db_dump.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsgAAAAU"]
[Sun Jun 29 20:22:40.846407 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db_dump.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsgAAAAU"]
[Sun Jun 29 20:22:40.846609 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db_dump.sql"] [unique_id "aGGEcOU-dj-hWt1UAd7gsgAAAAU"]
[Sun Jun 29 20:22:46.030465 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aGGEduU-dj-hWt1UAd7gvQAAAAU"]
[Sun Jun 29 20:22:46.030721 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aGGEduU-dj-hWt1UAd7gvQAAAAU"]
[Sun Jun 29 20:22:46.030907 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aGGEduU-dj-hWt1UAd7gvQAAAAU"]
[Sun Jun 29 20:22:46.146111 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aGGEduU-dj-hWt1UAd7gwgAAAAU"]
[Sun Jun 29 20:22:46.146486 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aGGEduU-dj-hWt1UAd7gwgAAAAU"]
[Sun Jun 29 20:22:46.146728 2025] [:error] [pid 2968165] [client 185.177.72.107:22770] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aGGEduU-dj-hWt1UAd7gwgAAAAU"]
[Sun Jun 29 20:23:04.099880 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /s3/.aws/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aGGEiHtTxOj9v32ojom6KAAAAAE"]
[Sun Jun 29 20:23:04.100135 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aGGEiHtTxOj9v32ojom6KAAAAAE"]
[Sun Jun 29 20:23:04.100318 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aGGEiHtTxOj9v32ojom6KAAAAAE"]
[Sun Jun 29 20:23:04.136103 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /s3/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aGGEiHtTxOj9v32ojom6KQAAAAE"]
[Sun Jun 29 20:23:04.136367 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aGGEiHtTxOj9v32ojom6KQAAAAE"]
[Sun Jun 29 20:23:04.136547 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aGGEiHtTxOj9v32ojom6KQAAAAE"]
[Sun Jun 29 20:23:04.156786 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aGGEiHtTxOj9v32ojom6KgAAAAE"]
[Sun Jun 29 20:23:04.157052 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aGGEiHtTxOj9v32ojom6KgAAAAE"]
[Sun Jun 29 20:23:04.157246 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aGGEiHtTxOj9v32ojom6KgAAAAE"]
[Sun Jun 29 20:23:04.178315 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aGGEiHtTxOj9v32ojom6KwAAAAE"]
[Sun Jun 29 20:23:04.178516 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aGGEiHtTxOj9v32ojom6KwAAAAE"]
[Sun Jun 29 20:23:04.178751 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aGGEiHtTxOj9v32ojom6KwAAAAE"]
[Sun Jun 29 20:23:04.178940 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aGGEiHtTxOj9v32ojom6KwAAAAE"]
[Sun Jun 29 20:23:09.270532 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secret/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aGGEjXtTxOj9v32ojom6OAAAAAE"]
[Sun Jun 29 20:23:09.270767 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aGGEjXtTxOj9v32ojom6OAAAAAE"]
[Sun Jun 29 20:23:09.270980 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aGGEjXtTxOj9v32ojom6OAAAAAE"]
[Sun Jun 29 20:23:09.312270 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/secret.key"] [unique_id "aGGEjXtTxOj9v32ojom6OgAAAAE"]
[Sun Jun 29 20:23:09.312618 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/secret.key"] [unique_id "aGGEjXtTxOj9v32ojom6OgAAAAE"]
[Sun Jun 29 20:23:09.312794 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/secret.key"] [unique_id "aGGEjXtTxOj9v32ojom6OgAAAAE"]
[Sun Jun 29 20:23:09.417757 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aGGEjXtTxOj9v32ojom6PwAAAAE"]
[Sun Jun 29 20:23:09.418081 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aGGEjXtTxOj9v32ojom6PwAAAAE"]
[Sun Jun 29 20:23:09.418262 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aGGEjXtTxOj9v32ojom6PwAAAAE"]
[Sun Jun 29 20:23:09.593100 2025] [authz_core:error] [pid 2967919] [client 185.177.72.107:12082] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sun Jun 29 20:23:14.254699 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGGEkntTxOj9v32ojom6RgAAAAE"]
[Sun Jun 29 20:23:14.254949 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGGEkntTxOj9v32ojom6RgAAAAE"]
[Sun Jun 29 20:23:14.255154 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGGEkntTxOj9v32ojom6RgAAAAE"]
[Sun Jun 29 20:23:19.304387 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site.conf"] [unique_id "aGGEl3tTxOj9v32ojom6WgAAAAE"]
[Sun Jun 29 20:23:19.304725 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site.conf"] [unique_id "aGGEl3tTxOj9v32ojom6WgAAAAE"]
[Sun Jun 29 20:23:19.304904 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site.conf"] [unique_id "aGGEl3tTxOj9v32ojom6WgAAAAE"]
[Sun Jun 29 20:23:19.325072 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aGGEl3tTxOj9v32ojom6WwAAAAE"]
[Sun Jun 29 20:23:19.325411 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aGGEl3tTxOj9v32ojom6WwAAAAE"]
[Sun Jun 29 20:23:19.325574 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aGGEl3tTxOj9v32ojom6WwAAAAE"]
[Sun Jun 29 20:23:19.378421 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aGGEl3tTxOj9v32ojom6XQAAAAE"]
[Sun Jun 29 20:23:19.378664 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aGGEl3tTxOj9v32ojom6XQAAAAE"]
[Sun Jun 29 20:23:19.378873 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aGGEl3tTxOj9v32ojom6XQAAAAE"]
[Sun Jun 29 20:23:19.414981 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.bak"] [unique_id "aGGEl3tTxOj9v32ojom6XgAAAAE"]
[Sun Jun 29 20:23:19.415128 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.bak"] [unique_id "aGGEl3tTxOj9v32ojom6XgAAAAE"]
[Sun Jun 29 20:23:19.415347 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.bak"] [unique_id "aGGEl3tTxOj9v32ojom6XgAAAAE"]
[Sun Jun 29 20:23:19.415523 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.bak"] [unique_id "aGGEl3tTxOj9v32ojom6XgAAAAE"]
[Sun Jun 29 20:23:19.437333 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.local"] [unique_id "aGGEl3tTxOj9v32ojom6XwAAAAE"]
[Sun Jun 29 20:23:19.437583 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.local"] [unique_id "aGGEl3tTxOj9v32ojom6XwAAAAE"]
[Sun Jun 29 20:23:19.437768 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.local"] [unique_id "aGGEl3tTxOj9v32ojom6XwAAAAE"]
[Sun Jun 29 20:23:19.462689 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.old"] [unique_id "aGGEl3tTxOj9v32ojom6YAAAAAE"]
[Sun Jun 29 20:23:19.462836 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.old"] [unique_id "aGGEl3tTxOj9v32ojom6YAAAAAE"]
[Sun Jun 29 20:23:19.463053 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.old"] [unique_id "aGGEl3tTxOj9v32ojom6YAAAAAE"]
[Sun Jun 29 20:23:19.463251 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.old"] [unique_id "aGGEl3tTxOj9v32ojom6YAAAAAE"]
[Sun Jun 29 20:23:19.516172 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.save"] [unique_id "aGGEl3tTxOj9v32ojom6YQAAAAE"]
[Sun Jun 29 20:23:19.516401 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.save"] [unique_id "aGGEl3tTxOj9v32ojom6YQAAAAE"]
[Sun Jun 29 20:23:19.516596 2025] [:error] [pid 2967919] [client 185.177.72.107:12082] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env.save"] [unique_id "aGGEl3tTxOj9v32ojom6YQAAAAE"]
[Sun Jun 29 20:23:30.950053 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/"] [unique_id "aGGEoqAIGT5SiqI9BxP-fwAAAAc"]
[Sun Jun 29 20:23:30.950316 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/"] [unique_id "aGGEoqAIGT5SiqI9BxP-fwAAAAc"]
[Sun Jun 29 20:23:30.951028 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/"] [unique_id "aGGEoqAIGT5SiqI9BxP-fwAAAAc"]
[Sun Jun 29 20:23:30.989194 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/HEAD"] [unique_id "aGGEoqAIGT5SiqI9BxP-gAAAAAc"]
[Sun Jun 29 20:23:30.989439 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/HEAD"] [unique_id "aGGEoqAIGT5SiqI9BxP-gAAAAAc"]
[Sun Jun 29 20:23:30.989623 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/HEAD"] [unique_id "aGGEoqAIGT5SiqI9BxP-gAAAAAc"]
[Sun Jun 29 20:23:31.071026 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "aGGEo6AIGT5SiqI9BxP-gQAAAAc"]
[Sun Jun 29 20:23:31.071391 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "aGGEo6AIGT5SiqI9BxP-gQAAAAc"]
[Sun Jun 29 20:23:31.071635 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/config"] [unique_id "aGGEo6AIGT5SiqI9BxP-gQAAAAc"]
[Sun Jun 29 20:23:31.228214 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /site/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/logs/HEAD"] [unique_id "aGGEo6AIGT5SiqI9BxP-ggAAAAc"]
[Sun Jun 29 20:23:31.228465 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/logs/HEAD"] [unique_id "aGGEo6AIGT5SiqI9BxP-ggAAAAc"]
[Sun Jun 29 20:23:31.228686 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.git/logs/HEAD"] [unique_id "aGGEo6AIGT5SiqI9BxP-ggAAAAc"]
[Sun Jun 29 20:23:36.048000 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /site/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.gitignore"] [unique_id "aGGEqKAIGT5SiqI9BxP-gwAAAAc"]
[Sun Jun 29 20:23:36.048248 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.gitignore"] [unique_id "aGGEqKAIGT5SiqI9BxP-gwAAAAc"]
[Sun Jun 29 20:23:36.048461 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.gitignore"] [unique_id "aGGEqKAIGT5SiqI9BxP-gwAAAAc"]
[Sun Jun 29 20:23:36.070431 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/access.log"] [unique_id "aGGEqKAIGT5SiqI9BxP-hAAAAAc"]
[Sun Jun 29 20:23:36.070791 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/access.log"] [unique_id "aGGEqKAIGT5SiqI9BxP-hAAAAAc"]
[Sun Jun 29 20:23:36.070988 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/access.log"] [unique_id "aGGEqKAIGT5SiqI9BxP-hAAAAAc"]
[Sun Jun 29 20:23:36.116060 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/app.js.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-hgAAAAc"]
[Sun Jun 29 20:23:36.116431 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/app.js.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-hgAAAAc"]
[Sun Jun 29 20:23:36.116636 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/app.js.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-hgAAAAc"]
[Sun Jun 29 20:23:36.138302 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/backup.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-hwAAAAc"]
[Sun Jun 29 20:23:36.138674 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/backup.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-hwAAAAc"]
[Sun Jun 29 20:23:36.138854 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/backup.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-hwAAAAc"]
[Sun Jun 29 20:23:36.275099 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/config.php.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-jQAAAAc"]
[Sun Jun 29 20:23:36.275457 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/config.php.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-jQAAAAc"]
[Sun Jun 29 20:23:36.275659 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/config.php.bak"] [unique_id "aGGEqKAIGT5SiqI9BxP-jQAAAAc"]
[Sun Jun 29 20:23:36.324612 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/db.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-jwAAAAc"]
[Sun Jun 29 20:23:36.324979 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/db.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-jwAAAAc"]
[Sun Jun 29 20:23:36.325169 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/db.sql"] [unique_id "aGGEqKAIGT5SiqI9BxP-jwAAAAc"]
[Sun Jun 29 20:23:41.349050 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/debug.log"] [unique_id "aGGEraAIGT5SiqI9BxP-kQAAAAc"]
[Sun Jun 29 20:23:41.349574 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/debug.log"] [unique_id "aGGEraAIGT5SiqI9BxP-kQAAAAc"]
[Sun Jun 29 20:23:41.349845 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/debug.log"] [unique_id "aGGEraAIGT5SiqI9BxP-kQAAAAc"]
[Sun Jun 29 20:23:41.394529 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/dump.sql"] [unique_id "aGGEraAIGT5SiqI9BxP-kwAAAAc"]
[Sun Jun 29 20:23:41.394872 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/dump.sql"] [unique_id "aGGEraAIGT5SiqI9BxP-kwAAAAc"]
[Sun Jun 29 20:23:41.395070 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/dump.sql"] [unique_id "aGGEraAIGT5SiqI9BxP-kwAAAAc"]
[Sun Jun 29 20:23:41.439640 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-lQAAAAc"]
[Sun Jun 29 20:23:41.440028 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-lQAAAAc"]
[Sun Jun 29 20:23:41.440231 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-lQAAAAc"]
[Sun Jun 29 20:23:41.509208 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-mAAAAAc"]
[Sun Jun 29 20:23:41.509561 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-mAAAAAc"]
[Sun Jun 29 20:23:41.509750 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/logs/error.log"] [unique_id "aGGEraAIGT5SiqI9BxP-mAAAAAc"]
[Sun Jun 29 20:23:46.480224 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.conf"] [unique_id "aGGEsqAIGT5SiqI9BxP-nQAAAAc"]
[Sun Jun 29 20:23:46.480596 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.conf"] [unique_id "aGGEsqAIGT5SiqI9BxP-nQAAAAc"]
[Sun Jun 29 20:23:46.480775 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.conf"] [unique_id "aGGEsqAIGT5SiqI9BxP-nQAAAAc"]
[Sun Jun 29 20:23:46.502523 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.sql"] [unique_id "aGGEsqAIGT5SiqI9BxP-ngAAAAc"]
[Sun Jun 29 20:23:46.502854 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.sql"] [unique_id "aGGEsqAIGT5SiqI9BxP-ngAAAAc"]
[Sun Jun 29 20:23:46.503024 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/site.sql"] [unique_id "aGGEsqAIGT5SiqI9BxP-ngAAAAc"]
[Sun Jun 29 20:23:46.524994 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /site/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php"] [unique_id "aGGEsqAIGT5SiqI9BxP-nwAAAAc"]
[Sun Jun 29 20:23:46.525254 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php"] [unique_id "aGGEsqAIGT5SiqI9BxP-nwAAAAc"]
[Sun Jun 29 20:23:46.525452 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php"] [unique_id "aGGEsqAIGT5SiqI9BxP-nwAAAAc"]
[Sun Jun 29 20:23:46.547218 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php.old"] [unique_id "aGGEsqAIGT5SiqI9BxP-oAAAAAc"]
[Sun Jun 29 20:23:46.547381 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /site/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php.old"] [unique_id "aGGEsqAIGT5SiqI9BxP-oAAAAAc"]
[Sun Jun 29 20:23:46.547633 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php.old"] [unique_id "aGGEsqAIGT5SiqI9BxP-oAAAAAc"]
[Sun Jun 29 20:23:46.547829 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/wp-config.php.old"] [unique_id "aGGEsqAIGT5SiqI9BxP-oAAAAAc"]
[Sun Jun 29 20:23:51.722310 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aGGEt6AIGT5SiqI9BxP-qwAAAAc"]
[Sun Jun 29 20:23:51.722567 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aGGEt6AIGT5SiqI9BxP-qwAAAAc"]
[Sun Jun 29 20:23:51.722761 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aGGEt6AIGT5SiqI9BxP-qwAAAAc"]
[Sun Jun 29 20:23:51.744605 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aGGEt6AIGT5SiqI9BxP-rAAAAAc"]
[Sun Jun 29 20:23:51.744746 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aGGEt6AIGT5SiqI9BxP-rAAAAAc"]
[Sun Jun 29 20:23:51.745022 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aGGEt6AIGT5SiqI9BxP-rAAAAAc"]
[Sun Jun 29 20:23:51.745199 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aGGEt6AIGT5SiqI9BxP-rAAAAAc"]
[Sun Jun 29 20:23:51.767093 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.local"] [unique_id "aGGEt6AIGT5SiqI9BxP-rQAAAAc"]
[Sun Jun 29 20:23:51.767347 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.local"] [unique_id "aGGEt6AIGT5SiqI9BxP-rQAAAAc"]
[Sun Jun 29 20:23:51.767535 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.local"] [unique_id "aGGEt6AIGT5SiqI9BxP-rQAAAAc"]
[Sun Jun 29 20:23:51.789245 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aGGEt6AIGT5SiqI9BxP-rgAAAAc"]
[Sun Jun 29 20:23:51.789407 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aGGEt6AIGT5SiqI9BxP-rgAAAAc"]
[Sun Jun 29 20:23:51.789634 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aGGEt6AIGT5SiqI9BxP-rgAAAAc"]
[Sun Jun 29 20:23:51.789814 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aGGEt6AIGT5SiqI9BxP-rgAAAAc"]
[Sun Jun 29 20:23:51.811681 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aGGEt6AIGT5SiqI9BxP-rwAAAAc"]
[Sun Jun 29 20:23:51.811922 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aGGEt6AIGT5SiqI9BxP-rwAAAAc"]
[Sun Jun 29 20:23:51.812114 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aGGEt6AIGT5SiqI9BxP-rwAAAAc"]
[Sun Jun 29 20:23:51.834116 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env~"] [unique_id "aGGEt6AIGT5SiqI9BxP-sAAAAAc"]
[Sun Jun 29 20:23:51.834377 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env~"] [unique_id "aGGEt6AIGT5SiqI9BxP-sAAAAAc"]
[Sun Jun 29 20:23:51.834561 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env~"] [unique_id "aGGEt6AIGT5SiqI9BxP-sAAAAAc"]
[Sun Jun 29 20:23:51.856354 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/"] [unique_id "aGGEt6AIGT5SiqI9BxP-sQAAAAc"]
[Sun Jun 29 20:23:51.856584 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/"] [unique_id "aGGEt6AIGT5SiqI9BxP-sQAAAAc"]
[Sun Jun 29 20:23:51.856767 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/"] [unique_id "aGGEt6AIGT5SiqI9BxP-sQAAAAc"]
[Sun Jun 29 20:23:51.878993 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-sgAAAAc"]
[Sun Jun 29 20:23:51.879227 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-sgAAAAc"]
[Sun Jun 29 20:23:51.879421 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-sgAAAAc"]
[Sun Jun 29 20:23:51.946217 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "aGGEt6AIGT5SiqI9BxP-swAAAAc"]
[Sun Jun 29 20:23:51.946479 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "aGGEt6AIGT5SiqI9BxP-swAAAAc"]
[Sun Jun 29 20:23:51.946691 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/config"] [unique_id "aGGEt6AIGT5SiqI9BxP-swAAAAc"]
[Sun Jun 29 20:23:51.971234 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /src/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/logs/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-tAAAAAc"]
[Sun Jun 29 20:23:51.971505 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/logs/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-tAAAAAc"]
[Sun Jun 29 20:23:51.971686 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.git/logs/HEAD"] [unique_id "aGGEt6AIGT5SiqI9BxP-tAAAAAc"]
[Sun Jun 29 20:23:52.070252 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /src/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.gitignore"] [unique_id "aGGEuKAIGT5SiqI9BxP-tQAAAAc"]
[Sun Jun 29 20:23:52.070537 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.gitignore"] [unique_id "aGGEuKAIGT5SiqI9BxP-tQAAAAc"]
[Sun Jun 29 20:23:52.070742 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.gitignore"] [unique_id "aGGEuKAIGT5SiqI9BxP-tQAAAAc"]
[Sun Jun 29 20:23:56.969512 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/access.log"] [unique_id "aGGEvKAIGT5SiqI9BxP-tgAAAAc"]
[Sun Jun 29 20:23:56.969888 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/access.log"] [unique_id "aGGEvKAIGT5SiqI9BxP-tgAAAAc"]
[Sun Jun 29 20:23:56.970092 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/access.log"] [unique_id "aGGEvKAIGT5SiqI9BxP-tgAAAAc"]
[Sun Jun 29 20:23:57.014775 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/app.js.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-uAAAAAc"]
[Sun Jun 29 20:23:57.015125 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/app.js.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-uAAAAAc"]
[Sun Jun 29 20:23:57.015310 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/app.js.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-uAAAAAc"]
[Sun Jun 29 20:23:57.037096 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/backup.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-uQAAAAc"]
[Sun Jun 29 20:23:57.037427 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/backup.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-uQAAAAc"]
[Sun Jun 29 20:23:57.037603 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/backup.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-uQAAAAc"]
[Sun Jun 29 20:23:57.183587 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/config.php.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-vwAAAAc"]
[Sun Jun 29 20:23:57.183928 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/config.php.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-vwAAAAc"]
[Sun Jun 29 20:23:57.184133 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/config.php.bak"] [unique_id "aGGEvaAIGT5SiqI9BxP-vwAAAAc"]
[Sun Jun 29 20:23:57.270289 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/db.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-wQAAAAc"]
[Sun Jun 29 20:23:57.270683 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/db.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-wQAAAAc"]
[Sun Jun 29 20:23:57.270875 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/db.sql"] [unique_id "aGGEvaAIGT5SiqI9BxP-wQAAAAc"]
[Sun Jun 29 20:24:01.251012 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/debug.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-wwAAAAc"]
[Sun Jun 29 20:24:01.251386 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/debug.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-wwAAAAc"]
[Sun Jun 29 20:24:01.251588 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/debug.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-wwAAAAc"]
[Sun Jun 29 20:24:01.297362 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/dump.sql"] [unique_id "aGGEwaAIGT5SiqI9BxP-xQAAAAc"]
[Sun Jun 29 20:24:01.297713 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/dump.sql"] [unique_id "aGGEwaAIGT5SiqI9BxP-xQAAAAc"]
[Sun Jun 29 20:24:01.297927 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/dump.sql"] [unique_id "aGGEwaAIGT5SiqI9BxP-xQAAAAc"]
[Sun Jun 29 20:24:01.343725 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-xwAAAAc"]
[Sun Jun 29 20:24:01.344118 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-xwAAAAc"]
[Sun Jun 29 20:24:01.344328 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-xwAAAAc"]
[Sun Jun 29 20:24:01.471772 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/logs/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-ygAAAAc"]
[Sun Jun 29 20:24:01.472123 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/logs/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-ygAAAAc"]
[Sun Jun 29 20:24:01.472316 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/logs/error.log"] [unique_id "aGGEwaAIGT5SiqI9BxP-ygAAAAc"]
[Sun Jun 29 20:24:06.399697 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.conf"] [unique_id "aGGExqAIGT5SiqI9BxP-zwAAAAc"]
[Sun Jun 29 20:24:06.400077 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.conf"] [unique_id "aGGExqAIGT5SiqI9BxP-zwAAAAc"]
[Sun Jun 29 20:24:06.400276 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.conf"] [unique_id "aGGExqAIGT5SiqI9BxP-zwAAAAc"]
[Sun Jun 29 20:24:06.422248 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.sql"] [unique_id "aGGExqAIGT5SiqI9BxP-0AAAAAc"]
[Sun Jun 29 20:24:06.422691 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.sql"] [unique_id "aGGExqAIGT5SiqI9BxP-0AAAAAc"]
[Sun Jun 29 20:24:06.422914 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/site.sql"] [unique_id "aGGExqAIGT5SiqI9BxP-0AAAAAc"]
[Sun Jun 29 20:24:06.444931 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /src/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php"] [unique_id "aGGExqAIGT5SiqI9BxP-0QAAAAc"]
[Sun Jun 29 20:24:06.445175 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php"] [unique_id "aGGExqAIGT5SiqI9BxP-0QAAAAc"]
[Sun Jun 29 20:24:06.445364 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php"] [unique_id "aGGExqAIGT5SiqI9BxP-0QAAAAc"]
[Sun Jun 29 20:24:06.467106 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php.old"] [unique_id "aGGExqAIGT5SiqI9BxP-0gAAAAc"]
[Sun Jun 29 20:24:06.467265 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /src/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php.old"] [unique_id "aGGExqAIGT5SiqI9BxP-0gAAAAc"]
[Sun Jun 29 20:24:06.467499 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php.old"] [unique_id "aGGExqAIGT5SiqI9BxP-0gAAAAc"]
[Sun Jun 29 20:24:06.467737 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/wp-config.php.old"] [unique_id "aGGExqAIGT5SiqI9BxP-0gAAAAc"]
[Sun Jun 29 20:24:06.558224 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl/private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-1gAAAAc"]
[Sun Jun 29 20:24:06.558601 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl/private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-1gAAAAc"]
[Sun Jun 29 20:24:06.558812 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl/private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-1gAAAAc"]
[Sun Jun 29 20:24:06.673791 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGExqAIGT5SiqI9BxP-2QAAAAc"]
[Sun Jun 29 20:24:06.674139 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGExqAIGT5SiqI9BxP-2QAAAAc"]
[Sun Jun 29 20:24:06.674328 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGGExqAIGT5SiqI9BxP-2QAAAAc"]
[Sun Jun 29 20:24:06.740264 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-2gAAAAc"]
[Sun Jun 29 20:24:06.740632 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-2gAAAAc"]
[Sun Jun 29 20:24:06.740830 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aGGExqAIGT5SiqI9BxP-2gAAAAc"]
[Sun Jun 29 20:24:11.404454 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aGGEy6AIGT5SiqI9BxP-2wAAAAc"]
[Sun Jun 29 20:24:11.405584 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aGGEy6AIGT5SiqI9BxP-2wAAAAc"]
[Sun Jun 29 20:24:11.405798 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aGGEy6AIGT5SiqI9BxP-2wAAAAc"]
[Sun Jun 29 20:24:11.473266 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-3gAAAAc"]
[Sun Jun 29 20:24:11.473500 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-3gAAAAc"]
[Sun Jun 29 20:24:11.473677 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-3gAAAAc"]
[Sun Jun 29 20:24:11.518427 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4AAAAAc"]
[Sun Jun 29 20:24:11.518679 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4AAAAAc"]
[Sun Jun 29 20:24:11.518871 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4AAAAAc"]
[Sun Jun 29 20:24:11.566857 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4gAAAAc"]
[Sun Jun 29 20:24:11.567096 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4gAAAAc"]
[Sun Jun 29 20:24:11.567288 2025] [:error] [pid 3059541] [client 185.177.72.107:52274] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aGGEy6AIGT5SiqI9BxP-4gAAAAc"]
[Sun Jun 29 20:24:13.728440 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aGGEzd8ZUWE-JFfvKe2U_wAAAAs"]
[Sun Jun 29 20:24:13.728875 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aGGEzd8ZUWE-JFfvKe2U_wAAAAs"]
[Sun Jun 29 20:24:13.729085 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aGGEzd8ZUWE-JFfvKe2U_wAAAAs"]
[Sun Jun 29 20:24:13.751317 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /tmp/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAAAAAAs"]
[Sun Jun 29 20:24:13.751574 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAAAAAAs"]
[Sun Jun 29 20:24:13.751770 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAAAAAAs"]
[Sun Jun 29 20:24:13.774249 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /tmp/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAQAAAAs"]
[Sun Jun 29 20:24:13.774538 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAQAAAAs"]
[Sun Jun 29 20:24:13.774744 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aGGEzd8ZUWE-JFfvKe2VAQAAAAs"]
[Sun Jun 29 20:24:13.843679 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aGGEzd8ZUWE-JFfvKe2VBAAAAAs"]
[Sun Jun 29 20:24:13.843923 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aGGEzd8ZUWE-JFfvKe2VBAAAAAs"]
[Sun Jun 29 20:24:13.844121 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aGGEzd8ZUWE-JFfvKe2VBAAAAAs"]
[Sun Jun 29 20:24:13.937370 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCAAAAAs"]
[Sun Jun 29 20:24:13.937733 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCAAAAAs"]
[Sun Jun 29 20:24:13.937930 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCAAAAAs"]
[Sun Jun 29 20:24:13.960448 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db_dump.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCQAAAAs"]
[Sun Jun 29 20:24:13.960802 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db_dump.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCQAAAAs"]
[Sun Jun 29 20:24:13.961001 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db_dump.sql"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCQAAAAs"]
[Sun Jun 29 20:24:13.983803 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/error.log"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCgAAAAs"]
[Sun Jun 29 20:24:13.984153 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/error.log"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCgAAAAs"]
[Sun Jun 29 20:24:13.984361 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/error.log"] [unique_id "aGGEzd8ZUWE-JFfvKe2VCgAAAAs"]
[Sun Jun 29 20:24:19.053320 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vault/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aGGE098ZUWE-JFfvKe2VEQAAAAs"]
[Sun Jun 29 20:24:19.053561 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aGGE098ZUWE-JFfvKe2VEQAAAAs"]
[Sun Jun 29 20:24:19.053744 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aGGE098ZUWE-JFfvKe2VEQAAAAs"]
[Sun Jun 29 20:24:19.102897 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /vendor/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aGGE098ZUWE-JFfvKe2VEwAAAAs"]
[Sun Jun 29 20:24:19.103147 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aGGE098ZUWE-JFfvKe2VEwAAAAs"]
[Sun Jun 29 20:24:19.103333 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aGGE098ZUWE-JFfvKe2VEwAAAAs"]
[Sun Jun 29 20:24:19.144237 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /vendor/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aGGE098ZUWE-JFfvKe2VFAAAAAs"]
[Sun Jun 29 20:24:19.144485 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aGGE098ZUWE-JFfvKe2VFAAAAAs"]
[Sun Jun 29 20:24:19.144684 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aGGE098ZUWE-JFfvKe2VFAAAAAs"]
[Sun Jun 29 20:24:22.994278 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aGGE1t8ZUWE-JFfvKe2VFwAAAAs"]
[Sun Jun 29 20:24:22.994559 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aGGE1t8ZUWE-JFfvKe2VFwAAAAs"]
[Sun Jun 29 20:24:22.994754 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aGGE1t8ZUWE-JFfvKe2VFwAAAAs"]
[Sun Jun 29 20:24:23.017122 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VGAAAAAs"]
[Sun Jun 29 20:24:23.017356 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VGAAAAAs"]
[Sun Jun 29 20:24:23.017538 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VGAAAAAs"]
[Sun Jun 29 20:24:23.179933 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VHgAAAAs"]
[Sun Jun 29 20:24:23.180170 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VHgAAAAs"]
[Sun Jun 29 20:24:23.180371 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aGGE198ZUWE-JFfvKe2VHgAAAAs"]
[Sun Jun 29 20:24:27.818237 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.bak"] [unique_id "aGGE298ZUWE-JFfvKe2VHwAAAAs"]
[Sun Jun 29 20:24:27.818419 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.bak"] [unique_id "aGGE298ZUWE-JFfvKe2VHwAAAAs"]
[Sun Jun 29 20:24:27.818653 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.bak"] [unique_id "aGGE298ZUWE-JFfvKe2VHwAAAAs"]
[Sun Jun 29 20:24:27.818861 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.bak"] [unique_id "aGGE298ZUWE-JFfvKe2VHwAAAAs"]
[Sun Jun 29 20:24:27.856647 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aGGE298ZUWE-JFfvKe2VIAAAAAs"]
[Sun Jun 29 20:24:27.856891 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aGGE298ZUWE-JFfvKe2VIAAAAAs"]
[Sun Jun 29 20:24:27.857096 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.local"] [unique_id "aGGE298ZUWE-JFfvKe2VIAAAAAs"]
[Sun Jun 29 20:24:27.879348 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.old"] [unique_id "aGGE298ZUWE-JFfvKe2VIQAAAAs"]
[Sun Jun 29 20:24:27.879507 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.old"] [unique_id "aGGE298ZUWE-JFfvKe2VIQAAAAs"]
[Sun Jun 29 20:24:27.879738 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.old"] [unique_id "aGGE298ZUWE-JFfvKe2VIQAAAAs"]
[Sun Jun 29 20:24:27.879951 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.old"] [unique_id "aGGE298ZUWE-JFfvKe2VIQAAAAs"]
[Sun Jun 29 20:24:27.902177 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.save"] [unique_id "aGGE298ZUWE-JFfvKe2VIgAAAAs"]
[Sun Jun 29 20:24:27.902438 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.save"] [unique_id "aGGE298ZUWE-JFfvKe2VIgAAAAs"]
[Sun Jun 29 20:24:27.902638 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env.save"] [unique_id "aGGE298ZUWE-JFfvKe2VIgAAAAs"]
[Sun Jun 29 20:24:27.924839 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env~"] [unique_id "aGGE298ZUWE-JFfvKe2VIwAAAAs"]
[Sun Jun 29 20:24:27.925077 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env~"] [unique_id "aGGE298ZUWE-JFfvKe2VIwAAAAs"]
[Sun Jun 29 20:24:27.925277 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env~"] [unique_id "aGGE298ZUWE-JFfvKe2VIwAAAAs"]
[Sun Jun 29 20:24:27.947586 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/"] [unique_id "aGGE298ZUWE-JFfvKe2VJAAAAAs"]
[Sun Jun 29 20:24:27.947834 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/"] [unique_id "aGGE298ZUWE-JFfvKe2VJAAAAAs"]
[Sun Jun 29 20:24:27.948052 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/"] [unique_id "aGGE298ZUWE-JFfvKe2VJAAAAAs"]
[Sun Jun 29 20:24:27.970516 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/HEAD"] [unique_id "aGGE298ZUWE-JFfvKe2VJQAAAAs"]
[Sun Jun 29 20:24:27.970760 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/HEAD"] [unique_id "aGGE298ZUWE-JFfvKe2VJQAAAAs"]
[Sun Jun 29 20:24:27.970946 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/HEAD"] [unique_id "aGGE298ZUWE-JFfvKe2VJQAAAAs"]
[Sun Jun 29 20:24:27.993271 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "aGGE298ZUWE-JFfvKe2VJgAAAAs"]
[Sun Jun 29 20:24:27.993506 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "aGGE298ZUWE-JFfvKe2VJgAAAAs"]
[Sun Jun 29 20:24:27.993716 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/config"] [unique_id "aGGE298ZUWE-JFfvKe2VJgAAAAs"]
[Sun Jun 29 20:24:28.016110 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /web/.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/logs/HEAD"] [unique_id "aGGE3N8ZUWE-JFfvKe2VJwAAAAs"]
[Sun Jun 29 20:24:28.016343 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/logs/HEAD"] [unique_id "aGGE3N8ZUWE-JFfvKe2VJwAAAAs"]
[Sun Jun 29 20:24:28.016530 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.git/logs/HEAD"] [unique_id "aGGE3N8ZUWE-JFfvKe2VJwAAAAs"]
[Sun Jun 29 20:24:28.038942 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /web/.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.gitignore"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKAAAAAs"]
[Sun Jun 29 20:24:28.039175 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.gitignore"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKAAAAAs"]
[Sun Jun 29 20:24:28.039375 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.gitignore"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKAAAAAs"]
[Sun Jun 29 20:24:28.061540 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/access.log"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKQAAAAs"]
[Sun Jun 29 20:24:28.061886 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/access.log"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKQAAAAs"]
[Sun Jun 29 20:24:28.062081 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/access.log"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKQAAAAs"]
[Sun Jun 29 20:24:28.110184 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/app.js.bak"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKwAAAAs"]
[Sun Jun 29 20:24:28.110634 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/app.js.bak"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKwAAAAs"]
[Sun Jun 29 20:24:28.110839 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/app.js.bak"] [unique_id "aGGE3N8ZUWE-JFfvKe2VKwAAAAs"]
[Sun Jun 29 20:24:28.211634 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/backup.sql"] [unique_id "aGGE3N8ZUWE-JFfvKe2VLAAAAAs"]
[Sun Jun 29 20:24:28.211996 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/backup.sql"] [unique_id "aGGE3N8ZUWE-JFfvKe2VLAAAAAs"]
[Sun Jun 29 20:24:28.212196 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/backup.sql"] [unique_id "aGGE3N8ZUWE-JFfvKe2VLAAAAAs"]
[Sun Jun 29 20:24:33.005371 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/config.php.bak"] [unique_id "aGGE4d8ZUWE-JFfvKe2VMgAAAAs"]
[Sun Jun 29 20:24:33.005725 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/config.php.bak"] [unique_id "aGGE4d8ZUWE-JFfvKe2VMgAAAAs"]
[Sun Jun 29 20:24:33.005921 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/config.php.bak"] [unique_id "aGGE4d8ZUWE-JFfvKe2VMgAAAAs"]
[Sun Jun 29 20:24:33.051600 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/db.sql"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNAAAAAs"]
[Sun Jun 29 20:24:33.051949 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/db.sql"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNAAAAAs"]
[Sun Jun 29 20:24:33.052149 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/db.sql"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNAAAAAs"]
[Sun Jun 29 20:24:33.150751 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/debug.log"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNgAAAAs"]
[Sun Jun 29 20:24:33.151098 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/debug.log"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNgAAAAs"]
[Sun Jun 29 20:24:33.151290 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/debug.log"] [unique_id "aGGE4d8ZUWE-JFfvKe2VNgAAAAs"]
[Sun Jun 29 20:24:37.751717 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/dump.sql"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOAAAAAs"]
[Sun Jun 29 20:24:37.752092 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/dump.sql"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOAAAAAs"]
[Sun Jun 29 20:24:37.752310 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/dump.sql"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOAAAAAs"]
[Sun Jun 29 20:24:37.797831 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOgAAAAs"]
[Sun Jun 29 20:24:37.798187 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOgAAAAs"]
[Sun Jun 29 20:24:37.798400 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VOgAAAAs"]
[Sun Jun 29 20:24:37.868647 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/logs/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VPQAAAAs"]
[Sun Jun 29 20:24:37.869048 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/logs/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VPQAAAAs"]
[Sun Jun 29 20:24:37.869242 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/logs/error.log"] [unique_id "aGGE5d8ZUWE-JFfvKe2VPQAAAAs"]
[Sun Jun 29 20:24:42.115687 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.conf"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQgAAAAs"]
[Sun Jun 29 20:24:42.116043 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.conf"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQgAAAAs"]
[Sun Jun 29 20:24:42.116245 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.conf"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQgAAAAs"]
[Sun Jun 29 20:24:42.138471 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.sql"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQwAAAAs"]
[Sun Jun 29 20:24:42.138838 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.sql"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQwAAAAs"]
[Sun Jun 29 20:24:42.139036 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/site.sql"] [unique_id "aGGE6t8ZUWE-JFfvKe2VQwAAAAs"]
[Sun Jun 29 20:24:42.161316 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /web/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRAAAAAs"]
[Sun Jun 29 20:24:42.161591 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRAAAAAs"]
[Sun Jun 29 20:24:42.161795 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRAAAAAs"]
[Sun Jun 29 20:24:42.184315 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php.old"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRQAAAAs"]
[Sun Jun 29 20:24:42.184501 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /web/wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php.old"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRQAAAAs"]
[Sun Jun 29 20:24:42.184734 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php.old"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRQAAAAs"]
[Sun Jun 29 20:24:42.184932 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/wp-config.php.old"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRQAAAAs"]
[Sun Jun 29 20:24:42.207593 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRgAAAAs"]
[Sun Jun 29 20:24:42.207844 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRgAAAAs"]
[Sun Jun 29 20:24:42.208059 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRgAAAAs"]
[Sun Jun 29 20:24:42.230626 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRwAAAAs"]
[Sun Jun 29 20:24:42.230867 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRwAAAAs"]
[Sun Jun 29 20:24:42.231058 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aGGE6t8ZUWE-JFfvKe2VRwAAAAs"]
[Sun Jun 29 20:24:46.959291 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSQAAAAs"]
[Sun Jun 29 20:24:46.959531 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSQAAAAs"]
[Sun Jun 29 20:24:46.959756 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSQAAAAs"]
[Sun Jun 29 20:24:46.981984 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSgAAAAs"]
[Sun Jun 29 20:24:46.982138 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSgAAAAs"]
[Sun Jun 29 20:24:46.982389 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSgAAAAs"]
[Sun Jun 29 20:24:46.982576 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aGGE7t8ZUWE-JFfvKe2VSgAAAAs"]
[Sun Jun 29 20:24:47.004776 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aGGE798ZUWE-JFfvKe2VSwAAAAs"]
[Sun Jun 29 20:24:47.004955 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aGGE798ZUWE-JFfvKe2VSwAAAAs"]
[Sun Jun 29 20:24:47.005189 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aGGE798ZUWE-JFfvKe2VSwAAAAs"]
[Sun Jun 29 20:24:47.005380 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aGGE798ZUWE-JFfvKe2VSwAAAAs"]
[Sun Jun 29 20:24:47.027513 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.swp"] [unique_id "aGGE798ZUWE-JFfvKe2VTAAAAAs"]
[Sun Jun 29 20:24:47.027676 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.swp"] [unique_id "aGGE798ZUWE-JFfvKe2VTAAAAAs"]
[Sun Jun 29 20:24:47.027908 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.swp"] [unique_id "aGGE798ZUWE-JFfvKe2VTAAAAAs"]
[Sun Jun 29 20:24:47.028093 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.swp"] [unique_id "aGGE798ZUWE-JFfvKe2VTAAAAAs"]
[Sun Jun 29 20:24:47.073646 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTgAAAAs"]
[Sun Jun 29 20:24:47.073887 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTgAAAAs"]
[Sun Jun 29 20:24:47.074079 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTgAAAAs"]
[Sun Jun 29 20:24:47.096308 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTwAAAAs"]
[Sun Jun 29 20:24:47.096559 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTwAAAAs"]
[Sun Jun 29 20:24:47.096749 2025] [:error] [pid 3205369] [client 185.177.72.107:65452] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aGGE798ZUWE-JFfvKe2VTwAAAAs"]
[Sun Jun 29 23:05:38.606977 2025] [:error] [pid 2967919] [client 198.55.98.91:59142] [client 198.55.98.91] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGqontTxOj9v32ojom6aQAAAAE"]
[Sun Jun 29 23:05:38.607302 2025] [:error] [pid 2967919] [client 198.55.98.91:59142] [client 198.55.98.91] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGqontTxOj9v32ojom6aQAAAAE"]
[Sun Jun 29 23:05:38.607486 2025] [:error] [pid 2967919] [client 198.55.98.91:59142] [client 198.55.98.91] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGGqontTxOj9v32ojom6aQAAAAE"]
[Mon Jun 30 00:23:45.298998 2025] [:error] [pid 3501028] [client 185.177.72.108:25154] [client 185.177.72.108] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGG88V4rGmi8UrXF-mbRlQAAAAQ"]
[Mon Jun 30 00:23:45.299326 2025] [:error] [pid 3501028] [client 185.177.72.108:25154] [client 185.177.72.108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGG88V4rGmi8UrXF-mbRlQAAAAQ"]
[Mon Jun 30 00:23:45.299500 2025] [:error] [pid 3501028] [client 185.177.72.108:25154] [client 185.177.72.108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGG88V4rGmi8UrXF-mbRlQAAAAQ"]
[Mon Jun 30 11:32:24.535944 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJZqOohZhhhenRd2sIndAAAAAE"]
[Mon Jun 30 11:32:24.536255 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJZqOohZhhhenRd2sIndAAAAAE"]
[Mon Jun 30 11:32:24.536438 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJZqOohZhhhenRd2sIndAAAAAE"]
[Mon Jun 30 11:32:24.596227 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJZqOohZhhhenRd2sIndQAAAAE"]
[Mon Jun 30 11:32:24.596497 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJZqOohZhhhenRd2sIndQAAAAE"]
[Mon Jun 30 11:32:24.596691 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJZqOohZhhhenRd2sIndQAAAAE"]
[Mon Jun 30 11:32:24.940984 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJZqOohZhhhenRd2sIndgAAAAE"]
[Mon Jun 30 11:32:24.941234 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJZqOohZhhhenRd2sIndgAAAAE"]
[Mon Jun 30 11:32:24.941434 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJZqOohZhhhenRd2sIndgAAAAE"]
[Mon Jun 30 11:32:25.009351 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJZqeohZhhhenRd2sIndwAAAAE"]
[Mon Jun 30 11:32:25.009609 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJZqeohZhhhenRd2sIndwAAAAE"]
[Mon Jun 30 11:32:25.009810 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJZqeohZhhhenRd2sIndwAAAAE"]
[Mon Jun 30 11:32:25.071020 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJZqeohZhhhenRd2sIneAAAAAE"]
[Mon Jun 30 11:32:25.071269 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJZqeohZhhhenRd2sIneAAAAAE"]
[Mon Jun 30 11:32:25.071499 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJZqeohZhhhenRd2sIneAAAAAE"]
[Mon Jun 30 11:32:25.129355 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJZqeohZhhhenRd2sIneQAAAAE"]
[Mon Jun 30 11:32:25.129633 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJZqeohZhhhenRd2sIneQAAAAE"]
[Mon Jun 30 11:32:25.129842 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJZqeohZhhhenRd2sIneQAAAAE"]
[Mon Jun 30 11:32:25.189982 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJZqeohZhhhenRd2sInegAAAAE"]
[Mon Jun 30 11:32:25.190231 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJZqeohZhhhenRd2sInegAAAAE"]
[Mon Jun 30 11:32:25.190454 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJZqeohZhhhenRd2sInegAAAAE"]
[Mon Jun 30 11:32:25.312417 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJZqeohZhhhenRd2sInewAAAAE"]
[Mon Jun 30 11:32:25.312672 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJZqeohZhhhenRd2sInewAAAAE"]
[Mon Jun 30 11:32:25.312901 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJZqeohZhhhenRd2sInewAAAAE"]
[Mon Jun 30 11:32:25.373153 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJZqeohZhhhenRd2sInfAAAAAE"]
[Mon Jun 30 11:32:25.373420 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJZqeohZhhhenRd2sInfAAAAAE"]
[Mon Jun 30 11:32:25.373635 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJZqeohZhhhenRd2sInfAAAAAE"]
[Mon Jun 30 11:32:25.431883 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJZqeohZhhhenRd2sInfQAAAAE"]
[Mon Jun 30 11:32:25.432041 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJZqeohZhhhenRd2sInfQAAAAE"]
[Mon Jun 30 11:32:25.432312 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJZqeohZhhhenRd2sInfQAAAAE"]
[Mon Jun 30 11:32:25.432551 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJZqeohZhhhenRd2sInfQAAAAE"]
[Mon Jun 30 11:32:25.493180 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJZqeohZhhhenRd2sInfgAAAAE"]
[Mon Jun 30 11:32:25.493341 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJZqeohZhhhenRd2sInfgAAAAE"]
[Mon Jun 30 11:32:25.493579 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJZqeohZhhhenRd2sInfgAAAAE"]
[Mon Jun 30 11:32:25.493781 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJZqeohZhhhenRd2sInfgAAAAE"]
[Mon Jun 30 11:32:25.555298 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJZqeohZhhhenRd2sInfwAAAAE"]
[Mon Jun 30 11:32:25.555566 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJZqeohZhhhenRd2sInfwAAAAE"]
[Mon Jun 30 11:32:25.555791 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJZqeohZhhhenRd2sInfwAAAAE"]
[Mon Jun 30 11:32:25.675220 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJZqeohZhhhenRd2sIngQAAAAE"]
[Mon Jun 30 11:32:25.675463 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJZqeohZhhhenRd2sIngQAAAAE"]
[Mon Jun 30 11:32:25.675647 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJZqeohZhhhenRd2sIngQAAAAE"]
[Mon Jun 30 11:32:26.289632 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJZquohZhhhenRd2sInggAAAAE"]
[Mon Jun 30 11:32:26.289899 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJZquohZhhhenRd2sInggAAAAE"]
[Mon Jun 30 11:32:26.290099 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJZquohZhhhenRd2sInggAAAAE"]
[Mon Jun 30 11:32:26.349008 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJZquohZhhhenRd2sIngwAAAAE"]
[Mon Jun 30 11:32:26.349254 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJZquohZhhhenRd2sIngwAAAAE"]
[Mon Jun 30 11:32:26.349452 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJZquohZhhhenRd2sIngwAAAAE"]
[Mon Jun 30 11:32:26.410118 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJZquohZhhhenRd2sInhAAAAAE"]
[Mon Jun 30 11:32:26.410405 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJZquohZhhhenRd2sInhAAAAAE"]
[Mon Jun 30 11:32:26.410625 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJZquohZhhhenRd2sInhAAAAAE"]
[Mon Jun 30 11:32:26.468995 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJZquohZhhhenRd2sInhQAAAAE"]
[Mon Jun 30 11:32:26.469249 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJZquohZhhhenRd2sInhQAAAAE"]
[Mon Jun 30 11:32:26.469474 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJZquohZhhhenRd2sInhQAAAAE"]
[Mon Jun 30 11:32:26.529231 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJZquohZhhhenRd2sInhgAAAAE"]
[Mon Jun 30 11:32:26.529481 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJZquohZhhhenRd2sInhgAAAAE"]
[Mon Jun 30 11:32:26.529750 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJZquohZhhhenRd2sInhgAAAAE"]
[Mon Jun 30 11:32:26.650329 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJZquohZhhhenRd2sIniAAAAAE"]
[Mon Jun 30 11:32:26.650603 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJZquohZhhhenRd2sIniAAAAAE"]
[Mon Jun 30 11:32:26.650796 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJZquohZhhhenRd2sIniAAAAAE"]
[Mon Jun 30 11:32:26.709059 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJZquohZhhhenRd2sIniQAAAAE"]
[Mon Jun 30 11:32:26.709308 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJZquohZhhhenRd2sIniQAAAAE"]
[Mon Jun 30 11:32:26.709532 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJZquohZhhhenRd2sIniQAAAAE"]
[Mon Jun 30 11:32:30.273138 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJZruohZhhhenRd2sInmAAAAAE"]
[Mon Jun 30 11:32:30.273410 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJZruohZhhhenRd2sInmAAAAAE"]
[Mon Jun 30 11:32:30.273635 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJZruohZhhhenRd2sInmAAAAAE"]
[Mon Jun 30 11:32:31.285124 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJZr-ohZhhhenRd2sInmQAAAAE"]
[Mon Jun 30 11:32:31.285469 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJZr-ohZhhhenRd2sInmQAAAAE"]
[Mon Jun 30 11:32:31.285723 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJZr-ohZhhhenRd2sInmQAAAAE"]
[Mon Jun 30 11:32:31.345245 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJZr-ohZhhhenRd2sInmgAAAAE"]
[Mon Jun 30 11:32:31.345488 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJZr-ohZhhhenRd2sInmgAAAAE"]
[Mon Jun 30 11:32:31.345692 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJZr-ohZhhhenRd2sInmgAAAAE"]
[Mon Jun 30 11:32:31.757867 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJZr-ohZhhhenRd2sInnAAAAAE"]
[Mon Jun 30 11:32:31.758116 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJZr-ohZhhhenRd2sInnAAAAAE"]
[Mon Jun 30 11:32:31.758315 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJZr-ohZhhhenRd2sInnAAAAAE"]
[Mon Jun 30 11:32:33.005188 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJZseohZhhhenRd2sInngAAAAE"]
[Mon Jun 30 11:32:33.005722 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJZseohZhhhenRd2sInngAAAAE"]
[Mon Jun 30 11:32:33.005981 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJZseohZhhhenRd2sInngAAAAE"]
[Mon Jun 30 11:32:33.066501 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJZseohZhhhenRd2sInnwAAAAE"]
[Mon Jun 30 11:32:33.066857 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJZseohZhhhenRd2sInnwAAAAE"]
[Mon Jun 30 11:32:33.067062 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJZseohZhhhenRd2sInnwAAAAE"]
[Mon Jun 30 11:32:33.126599 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJZseohZhhhenRd2sInoAAAAAE"]
[Mon Jun 30 11:32:33.126952 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJZseohZhhhenRd2sInoAAAAAE"]
[Mon Jun 30 11:32:33.127155 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJZseohZhhhenRd2sInoAAAAAE"]
[Mon Jun 30 11:32:33.187157 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJZseohZhhhenRd2sInoQAAAAE"]
[Mon Jun 30 11:32:33.187527 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJZseohZhhhenRd2sInoQAAAAE"]
[Mon Jun 30 11:32:33.187725 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJZseohZhhhenRd2sInoQAAAAE"]
[Mon Jun 30 11:32:33.246571 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJZseohZhhhenRd2sInogAAAAE"]
[Mon Jun 30 11:32:33.246931 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJZseohZhhhenRd2sInogAAAAE"]
[Mon Jun 30 11:32:33.247128 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJZseohZhhhenRd2sInogAAAAE"]
[Mon Jun 30 11:32:33.581578 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJZseohZhhhenRd2sInowAAAAE"]
[Mon Jun 30 11:32:33.581959 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJZseohZhhhenRd2sInowAAAAE"]
[Mon Jun 30 11:32:33.582158 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJZseohZhhhenRd2sInowAAAAE"]
[Mon Jun 30 11:32:33.644255 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJZseohZhhhenRd2sInpAAAAAE"]
[Mon Jun 30 11:32:33.644499 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJZseohZhhhenRd2sInpAAAAAE"]
[Mon Jun 30 11:32:33.644705 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJZseohZhhhenRd2sInpAAAAAE"]
[Mon Jun 30 11:32:34.093483 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJZsuohZhhhenRd2sInpgAAAAE"]
[Mon Jun 30 11:32:34.093851 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJZsuohZhhhenRd2sInpgAAAAE"]
[Mon Jun 30 11:32:34.094051 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJZsuohZhhhenRd2sInpgAAAAE"]
[Mon Jun 30 11:32:34.153959 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJZsuohZhhhenRd2sInpwAAAAE"]
[Mon Jun 30 11:32:34.154319 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJZsuohZhhhenRd2sInpwAAAAE"]
[Mon Jun 30 11:32:34.154527 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJZsuohZhhhenRd2sInpwAAAAE"]
[Mon Jun 30 11:32:34.227787 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJZsuohZhhhenRd2sInqAAAAAE"]
[Mon Jun 30 11:32:34.228149 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJZsuohZhhhenRd2sInqAAAAAE"]
[Mon Jun 30 11:32:34.228362 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJZsuohZhhhenRd2sInqAAAAAE"]
[Mon Jun 30 11:32:34.293058 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJZsuohZhhhenRd2sInqQAAAAE"]
[Mon Jun 30 11:32:34.293421 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJZsuohZhhhenRd2sInqQAAAAE"]
[Mon Jun 30 11:32:34.293624 2025] [:error] [pid 3576956] [client 185.177.72.179:57380] [client 185.177.72.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJZsuohZhhhenRd2sInqQAAAAE"]
[Mon Jun 30 12:50:25.456758 2025] [:error] [pid 3584309] [client 198.55.98.91:44250] [client 198.55.98.91] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJr8ThGnhOIO1HFUtPGkAAAAAY"]
[Mon Jun 30 12:50:25.457070 2025] [:error] [pid 3584309] [client 198.55.98.91:44250] [client 198.55.98.91] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJr8ThGnhOIO1HFUtPGkAAAAAY"]
[Mon Jun 30 12:50:25.457253 2025] [:error] [pid 3584309] [client 198.55.98.91:44250] [client 198.55.98.91] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJr8ThGnhOIO1HFUtPGkAAAAAY"]
[Mon Jun 30 13:40:51.531972 2025] [:error] [pid 3624148] [client 77.90.153.170:41670] [client 77.90.153.170] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ3w5tDtSe7viRvdJRrzAAAAAk"]
[Mon Jun 30 13:40:51.532291 2025] [:error] [pid 3624148] [client 77.90.153.170:41670] [client 77.90.153.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ3w5tDtSe7viRvdJRrzAAAAAk"]
[Mon Jun 30 13:40:51.532464 2025] [:error] [pid 3624148] [client 77.90.153.170:41670] [client 77.90.153.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ3w5tDtSe7viRvdJRrzAAAAAk"]
[Mon Jun 30 14:12:19.092702 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VwAAAAAM"]
[Mon Jun 30 14:12:19.093036 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VwAAAAAM"]
[Mon Jun 30 14:12:19.093208 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VwAAAAAM"]
[Mon Jun 30 14:12:19.115111 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJ_I_UyWlUzqRIbk96VwQAAAAM"]
[Mon Jun 30 14:12:19.115366 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJ_I_UyWlUzqRIbk96VwQAAAAM"]
[Mon Jun 30 14:12:19.115548 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGJ_I_UyWlUzqRIbk96VwQAAAAM"]
[Mon Jun 30 14:12:19.137511 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJ_I_UyWlUzqRIbk96VwgAAAAM"]
[Mon Jun 30 14:12:19.137770 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJ_I_UyWlUzqRIbk96VwgAAAAM"]
[Mon Jun 30 14:12:19.137959 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGJ_I_UyWlUzqRIbk96VwgAAAAM"]
[Mon Jun 30 14:12:19.159832 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJ_I_UyWlUzqRIbk96VwwAAAAM"]
[Mon Jun 30 14:12:19.160068 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJ_I_UyWlUzqRIbk96VwwAAAAM"]
[Mon Jun 30 14:12:19.160259 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGJ_I_UyWlUzqRIbk96VwwAAAAM"]
[Mon Jun 30 14:12:19.182116 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJ_I_UyWlUzqRIbk96VxAAAAAM"]
[Mon Jun 30 14:12:19.182386 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJ_I_UyWlUzqRIbk96VxAAAAAM"]
[Mon Jun 30 14:12:19.182567 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGJ_I_UyWlUzqRIbk96VxAAAAAM"]
[Mon Jun 30 14:12:19.204469 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJ_I_UyWlUzqRIbk96VxQAAAAM"]
[Mon Jun 30 14:12:19.204715 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJ_I_UyWlUzqRIbk96VxQAAAAM"]
[Mon Jun 30 14:12:19.204908 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGJ_I_UyWlUzqRIbk96VxQAAAAM"]
[Mon Jun 30 14:12:19.226871 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJ_I_UyWlUzqRIbk96VxgAAAAM"]
[Mon Jun 30 14:12:19.227115 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJ_I_UyWlUzqRIbk96VxgAAAAM"]
[Mon Jun 30 14:12:19.227326 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGJ_I_UyWlUzqRIbk96VxgAAAAM"]
[Mon Jun 30 14:12:19.249301 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJ_I_UyWlUzqRIbk96VxwAAAAM"]
[Mon Jun 30 14:12:19.249545 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJ_I_UyWlUzqRIbk96VxwAAAAM"]
[Mon Jun 30 14:12:19.249853 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGJ_I_UyWlUzqRIbk96VxwAAAAM"]
[Mon Jun 30 14:12:19.272386 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJ_I_UyWlUzqRIbk96VyAAAAAM"]
[Mon Jun 30 14:12:19.272794 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJ_I_UyWlUzqRIbk96VyAAAAAM"]
[Mon Jun 30 14:12:19.273097 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGJ_I_UyWlUzqRIbk96VyAAAAAM"]
[Mon Jun 30 14:12:19.294879 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJ_I_UyWlUzqRIbk96VyQAAAAM"]
[Mon Jun 30 14:12:19.295038 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJ_I_UyWlUzqRIbk96VyQAAAAM"]
[Mon Jun 30 14:12:19.295292 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJ_I_UyWlUzqRIbk96VyQAAAAM"]
[Mon Jun 30 14:12:19.295507 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGJ_I_UyWlUzqRIbk96VyQAAAAM"]
[Mon Jun 30 14:12:19.318055 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJ_I_UyWlUzqRIbk96VygAAAAM"]
[Mon Jun 30 14:12:19.318221 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJ_I_UyWlUzqRIbk96VygAAAAM"]
[Mon Jun 30 14:12:19.318474 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJ_I_UyWlUzqRIbk96VygAAAAM"]
[Mon Jun 30 14:12:19.318684 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGJ_I_UyWlUzqRIbk96VygAAAAM"]
[Mon Jun 30 14:12:19.340727 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VywAAAAM"]
[Mon Jun 30 14:12:19.340974 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VywAAAAM"]
[Mon Jun 30 14:12:19.341176 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VywAAAAM"]
[Mon Jun 30 14:12:19.386285 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzQAAAAM"]
[Mon Jun 30 14:12:19.386565 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzQAAAAM"]
[Mon Jun 30 14:12:19.386772 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzQAAAAM"]
[Mon Jun 30 14:12:19.408732 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzgAAAAM"]
[Mon Jun 30 14:12:19.408976 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzgAAAAM"]
[Mon Jun 30 14:12:19.409169 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzgAAAAM"]
[Mon Jun 30 14:12:19.431202 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzwAAAAM"]
[Mon Jun 30 14:12:19.431446 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzwAAAAM"]
[Mon Jun 30 14:12:19.431641 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96VzwAAAAM"]
[Mon Jun 30 14:12:19.453609 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0AAAAAM"]
[Mon Jun 30 14:12:19.453849 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0AAAAAM"]
[Mon Jun 30 14:12:19.454038 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0AAAAAM"]
[Mon Jun 30 14:12:19.915434 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0QAAAAM"]
[Mon Jun 30 14:12:19.915677 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0QAAAAM"]
[Mon Jun 30 14:12:19.915877 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0QAAAAM"]
[Mon Jun 30 14:12:19.937759 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0gAAAAM"]
[Mon Jun 30 14:12:19.938003 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0gAAAAM"]
[Mon Jun 30 14:12:19.938277 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGJ_I_UyWlUzqRIbk96V0gAAAAM"]
[Mon Jun 30 14:12:19.983343 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJ_I_UyWlUzqRIbk96V1AAAAAM"]
[Mon Jun 30 14:12:19.983597 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJ_I_UyWlUzqRIbk96V1AAAAAM"]
[Mon Jun 30 14:12:19.983779 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGJ_I_UyWlUzqRIbk96V1AAAAAM"]
[Mon Jun 30 14:12:20.005729 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V1QAAAAM"]
[Mon Jun 30 14:12:20.005979 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V1QAAAAM"]
[Mon Jun 30 14:12:20.006183 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V1QAAAAM"]
[Mon Jun 30 14:12:20.357052 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V5AAAAAM"]
[Mon Jun 30 14:12:20.357334 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V5AAAAAM"]
[Mon Jun 30 14:12:20.357524 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGJ_JPUyWlUzqRIbk96V5AAAAAM"]
[Mon Jun 30 14:12:20.379476 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJ_JPUyWlUzqRIbk96V5QAAAAM"]
[Mon Jun 30 14:12:20.379718 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJ_JPUyWlUzqRIbk96V5QAAAAM"]
[Mon Jun 30 14:12:20.379916 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGJ_JPUyWlUzqRIbk96V5QAAAAM"]
[Mon Jun 30 14:12:20.402332 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJ_JPUyWlUzqRIbk96V5gAAAAM"]
[Mon Jun 30 14:12:20.402739 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJ_JPUyWlUzqRIbk96V5gAAAAM"]
[Mon Jun 30 14:12:20.403058 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGJ_JPUyWlUzqRIbk96V5gAAAAM"]
[Mon Jun 30 14:12:20.448120 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJ_JPUyWlUzqRIbk96V6AAAAAM"]
[Mon Jun 30 14:12:20.448363 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJ_JPUyWlUzqRIbk96V6AAAAAM"]
[Mon Jun 30 14:12:20.448561 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGJ_JPUyWlUzqRIbk96V6AAAAAM"]
[Mon Jun 30 14:12:20.494290 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6gAAAAM"]
[Mon Jun 30 14:12:20.494705 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6gAAAAM"]
[Mon Jun 30 14:12:20.494918 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6gAAAAM"]
[Mon Jun 30 14:12:20.516783 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6wAAAAM"]
[Mon Jun 30 14:12:20.517135 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6wAAAAM"]
[Mon Jun 30 14:12:20.517370 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V6wAAAAM"]
[Mon Jun 30 14:12:20.539358 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7AAAAAM"]
[Mon Jun 30 14:12:20.539730 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7AAAAAM"]
[Mon Jun 30 14:12:20.539961 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7AAAAAM"]
[Mon Jun 30 14:12:20.561793 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7QAAAAM"]
[Mon Jun 30 14:12:20.562151 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7QAAAAM"]
[Mon Jun 30 14:12:20.562376 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7QAAAAM"]
[Mon Jun 30 14:12:20.584136 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7gAAAAM"]
[Mon Jun 30 14:12:20.584496 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7gAAAAM"]
[Mon Jun 30 14:12:20.584688 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7gAAAAM"]
[Mon Jun 30 14:12:20.606836 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7wAAAAM"]
[Mon Jun 30 14:12:20.607187 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7wAAAAM"]
[Mon Jun 30 14:12:20.607387 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGJ_JPUyWlUzqRIbk96V7wAAAAM"]
[Mon Jun 30 14:12:20.629339 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJ_JPUyWlUzqRIbk96V8AAAAAM"]
[Mon Jun 30 14:12:20.629587 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJ_JPUyWlUzqRIbk96V8AAAAAM"]
[Mon Jun 30 14:12:20.629783 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGJ_JPUyWlUzqRIbk96V8AAAAAM"]
[Mon Jun 30 14:12:20.674848 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJ_JPUyWlUzqRIbk96V8gAAAAM"]
[Mon Jun 30 14:12:20.675196 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJ_JPUyWlUzqRIbk96V8gAAAAM"]
[Mon Jun 30 14:12:20.675391 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGJ_JPUyWlUzqRIbk96V8gAAAAM"]
[Mon Jun 30 14:12:20.697467 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V8wAAAAM"]
[Mon Jun 30 14:12:20.697820 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V8wAAAAM"]
[Mon Jun 30 14:12:20.698010 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V8wAAAAM"]
[Mon Jun 30 14:12:20.719969 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9AAAAAM"]
[Mon Jun 30 14:12:20.720327 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9AAAAAM"]
[Mon Jun 30 14:12:20.720541 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9AAAAAM"]
[Mon Jun 30 14:12:20.742564 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9QAAAAM"]
[Mon Jun 30 14:12:20.742917 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9QAAAAM"]
[Mon Jun 30 14:12:20.743122 2025] [:error] [pid 3739296] [client 185.177.72.10:34450] [client 185.177.72.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGJ_JPUyWlUzqRIbk96V9QAAAAM"]
[Mon Jun 30 20:20:06.894331 2025] [:error] [pid 3624148] [client 198.55.98.210:38280] [client 198.55.98.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGLVVptDtSe7viRvdJRr3gAAAAk"]
[Mon Jun 30 20:20:06.894614 2025] [:error] [pid 3624148] [client 198.55.98.210:38280] [client 198.55.98.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGLVVptDtSe7viRvdJRr3gAAAAk"]
[Mon Jun 30 20:20:06.894791 2025] [:error] [pid 3624148] [client 198.55.98.210:38280] [client 198.55.98.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGLVVptDtSe7viRvdJRr3gAAAAk"]
[Tue Jul 01 03:01:26.588142 2025] [:error] [pid 4183423] [client 185.177.72.201:13508] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGMzZlOjHnrlwCr9vzYVowAAAAU"]
[Tue Jul 01 03:01:26.588466 2025] [:error] [pid 4183423] [client 185.177.72.201:13508] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGMzZlOjHnrlwCr9vzYVowAAAAU"]
[Tue Jul 01 03:01:26.588673 2025] [:error] [pid 4183423] [client 185.177.72.201:13508] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGMzZlOjHnrlwCr9vzYVowAAAAU"]
[Tue Jul 01 06:30:20.515455 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGNkXPZHrFQ9LfBs7ULsKwAAAAY"]
[Tue Jul 01 06:30:20.515721 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGNkXPZHrFQ9LfBs7ULsKwAAAAY"]
[Tue Jul 01 06:30:20.515905 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGNkXPZHrFQ9LfBs7ULsKwAAAAY"]
[Tue Jul 01 06:30:20.537587 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLAAAAAY"]
[Tue Jul 01 06:30:20.537823 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLAAAAAY"]
[Tue Jul 01 06:30:20.537990 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLAAAAAY"]
[Tue Jul 01 06:30:20.558089 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLQAAAAY"]
[Tue Jul 01 06:30:20.558322 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLQAAAAY"]
[Tue Jul 01 06:30:20.558509 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLQAAAAY"]
[Tue Jul 01 06:30:20.579022 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLgAAAAY"]
[Tue Jul 01 06:30:20.579307 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLgAAAAY"]
[Tue Jul 01 06:30:20.579505 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLgAAAAY"]
[Tue Jul 01 06:30:20.604148 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLwAAAAY"]
[Tue Jul 01 06:30:20.604377 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLwAAAAY"]
[Tue Jul 01 06:30:20.604829 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aGNkXPZHrFQ9LfBs7ULsLwAAAAY"]
[Tue Jul 01 06:30:20.625066 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMAAAAAY"]
[Tue Jul 01 06:30:20.625313 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMAAAAAY"]
[Tue Jul 01 06:30:20.625507 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMAAAAAY"]
[Tue Jul 01 06:30:20.654262 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMQAAAAY"]
[Tue Jul 01 06:30:20.654508 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMQAAAAY"]
[Tue Jul 01 06:30:20.654712 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aGNkXPZHrFQ9LfBs7ULsMQAAAAY"]
[Tue Jul 01 06:30:23.051783 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMgAAAAY"]
[Tue Jul 01 06:30:23.052032 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMgAAAAY"]
[Tue Jul 01 06:30:23.052239 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMgAAAAY"]
[Tue Jul 01 06:30:23.072401 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMwAAAAY"]
[Tue Jul 01 06:30:23.072632 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMwAAAAY"]
[Tue Jul 01 06:30:23.072810 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsMwAAAAY"]
[Tue Jul 01 06:30:23.092790 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNAAAAAY"]
[Tue Jul 01 06:30:23.092967 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNAAAAAY"]
[Tue Jul 01 06:30:23.093194 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNAAAAAY"]
[Tue Jul 01 06:30:23.093376 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNAAAAAY"]
[Tue Jul 01 06:30:23.113406 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNQAAAAY"]
[Tue Jul 01 06:30:23.113587 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNQAAAAY"]
[Tue Jul 01 06:30:23.113834 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNQAAAAY"]
[Tue Jul 01 06:30:23.114015 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNQAAAAY"]
[Tue Jul 01 06:30:23.134068 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNgAAAAY"]
[Tue Jul 01 06:30:23.134303 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNgAAAAY"]
[Tue Jul 01 06:30:23.134505 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsNgAAAAY"]
[Tue Jul 01 06:30:23.175967 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOAAAAAY"]
[Tue Jul 01 06:30:23.176199 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOAAAAAY"]
[Tue Jul 01 06:30:23.176385 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOAAAAAY"]
[Tue Jul 01 06:30:23.196402 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOQAAAAY"]
[Tue Jul 01 06:30:23.196630 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOQAAAAY"]
[Tue Jul 01 06:30:23.196802 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOQAAAAY"]
[Tue Jul 01 06:30:23.216906 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOgAAAAY"]
[Tue Jul 01 06:30:23.217136 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOgAAAAY"]
[Tue Jul 01 06:30:23.217404 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOgAAAAY"]
[Tue Jul 01 06:30:23.237352 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOwAAAAY"]
[Tue Jul 01 06:30:23.237589 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOwAAAAY"]
[Tue Jul 01 06:30:23.237787 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsOwAAAAY"]
[Tue Jul 01 06:30:23.257779 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPAAAAAY"]
[Tue Jul 01 06:30:23.258011 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPAAAAAY"]
[Tue Jul 01 06:30:23.258224 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPAAAAAY"]
[Tue Jul 01 06:30:23.278277 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPQAAAAY"]
[Tue Jul 01 06:30:23.278612 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPQAAAAY"]
[Tue Jul 01 06:30:23.278802 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPQAAAAY"]
[Tue Jul 01 06:30:23.320065 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPwAAAAY"]
[Tue Jul 01 06:30:23.320308 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPwAAAAY"]
[Tue Jul 01 06:30:23.320501 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsPwAAAAY"]
[Tue Jul 01 06:30:23.340530 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsQAAAAAY"]
[Tue Jul 01 06:30:23.340756 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsQAAAAAY"]
[Tue Jul 01 06:30:23.340924 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGNkX_ZHrFQ9LfBs7ULsQAAAAAY"]
[Tue Jul 01 06:30:27.430020 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsTwAAAAY"]
[Tue Jul 01 06:30:27.430271 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsTwAAAAY"]
[Tue Jul 01 06:30:27.430481 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsTwAAAAY"]
[Tue Jul 01 06:30:27.450624 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUAAAAAY"]
[Tue Jul 01 06:30:27.450856 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUAAAAAY"]
[Tue Jul 01 06:30:27.451035 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUAAAAAY"]
[Tue Jul 01 06:30:27.471272 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUQAAAAY"]
[Tue Jul 01 06:30:27.471519 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUQAAAAY"]
[Tue Jul 01 06:30:27.471706 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUQAAAAY"]
[Tue Jul 01 06:30:27.513855 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUwAAAAY"]
[Tue Jul 01 06:30:27.514087 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUwAAAAY"]
[Tue Jul 01 06:30:27.514300 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsUwAAAAY"]
[Tue Jul 01 06:30:27.555494 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVQAAAAY"]
[Tue Jul 01 06:30:27.555831 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVQAAAAY"]
[Tue Jul 01 06:30:27.556000 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVQAAAAY"]
[Tue Jul 01 06:30:27.576052 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVgAAAAY"]
[Tue Jul 01 06:30:27.576391 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVgAAAAY"]
[Tue Jul 01 06:30:27.576579 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVgAAAAY"]
[Tue Jul 01 06:30:27.613344 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVwAAAAY"]
[Tue Jul 01 06:30:27.613686 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVwAAAAY"]
[Tue Jul 01 06:30:27.613886 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aGNkY_ZHrFQ9LfBs7ULsVwAAAAY"]
[Tue Jul 01 06:30:29.390005 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWAAAAAY"]
[Tue Jul 01 06:30:29.390389 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWAAAAAY"]
[Tue Jul 01 06:30:29.390606 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWAAAAAY"]
[Tue Jul 01 06:30:29.417040 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWQAAAAY"]
[Tue Jul 01 06:30:29.417400 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWQAAAAY"]
[Tue Jul 01 06:30:29.417663 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWQAAAAY"]
[Tue Jul 01 06:30:29.437780 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWgAAAAY"]
[Tue Jul 01 06:30:29.438156 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWgAAAAY"]
[Tue Jul 01 06:30:29.438384 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWgAAAAY"]
[Tue Jul 01 06:30:29.458567 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWwAAAAY"]
[Tue Jul 01 06:30:29.458810 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWwAAAAY"]
[Tue Jul 01 06:30:29.459002 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aGNkZfZHrFQ9LfBs7ULsWwAAAAY"]
[Tue Jul 01 06:30:29.500239 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXQAAAAY"]
[Tue Jul 01 06:30:29.500611 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXQAAAAY"]
[Tue Jul 01 06:30:29.500811 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXQAAAAY"]
[Tue Jul 01 06:30:29.520832 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXgAAAAY"]
[Tue Jul 01 06:30:29.521182 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXgAAAAY"]
[Tue Jul 01 06:30:29.521375 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXgAAAAY"]
[Tue Jul 01 06:30:29.541765 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXwAAAAY"]
[Tue Jul 01 06:30:29.542310 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXwAAAAY"]
[Tue Jul 01 06:30:29.542614 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsXwAAAAY"]
[Tue Jul 01 06:30:29.562747 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsYAAAAAY"]
[Tue Jul 01 06:30:29.563089 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsYAAAAAY"]
[Tue Jul 01 06:30:29.563271 2025] [:error] [pid 4183505] [client 185.177.72.210:25290] [client 185.177.72.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aGNkZfZHrFQ9LfBs7ULsYAAAAAY"]
[Tue Jul 01 22:14:15.576033 2025] [:error] [pid 368016] [client 185.177.72.34:44268] [client 185.177.72.34] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGRBl_sXy7KKRL0nZqEyGQAAABg"]
[Tue Jul 01 22:14:15.577895 2025] [:error] [pid 368016] [client 185.177.72.34:44268] [client 185.177.72.34] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGRBl_sXy7KKRL0nZqEyGQAAABg"]
[Tue Jul 01 22:14:15.578101 2025] [:error] [pid 368016] [client 185.177.72.34:44268] [client 185.177.72.34] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGRBl_sXy7KKRL0nZqEyGQAAABg"]
[Tue Jul 01 22:29:26.246282 2025] [:error] [pid 4184634] [client 185.177.72.16:62993] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGRFJrSvsww1pC5Bamvs7AAAAAw"]
[Tue Jul 01 22:29:26.246789 2025] [:error] [pid 4184634] [client 185.177.72.16:62993] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGRFJrSvsww1pC5Bamvs7AAAAAw"]
[Tue Jul 01 22:29:26.247046 2025] [:error] [pid 4184634] [client 185.177.72.16:62993] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGRFJrSvsww1pC5Bamvs7AAAAAw"]
[Tue Jul 01 22:29:26.358617 2025] [:error] [pid 4183833] [client 185.177.72.16:63926] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGRFJjF7JWw87UMwoaOWrQAAAAc"]
[Tue Jul 01 22:29:26.358881 2025] [:error] [pid 4183833] [client 185.177.72.16:63926] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGRFJjF7JWw87UMwoaOWrQAAAAc"]
[Tue Jul 01 22:29:26.359058 2025] [:error] [pid 4183833] [client 185.177.72.16:63926] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGRFJjF7JWw87UMwoaOWrQAAAAc"]
[Tue Jul 01 22:29:26.473696 2025] [:error] [pid 4183423] [client 185.177.72.16:64707] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGRFJlOjHnrlwCr9vzYV4gAAAAU"]
[Tue Jul 01 22:29:26.473955 2025] [:error] [pid 4183423] [client 185.177.72.16:64707] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGRFJlOjHnrlwCr9vzYV4gAAAAU"]
[Tue Jul 01 22:29:26.474152 2025] [:error] [pid 4183423] [client 185.177.72.16:64707] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGRFJlOjHnrlwCr9vzYV4gAAAAU"]
[Wed Jul 02 06:29:29.279157 2025] [:error] [pid 596643] [client 195.178.110.161:42936] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGS1qdOlC-WXwmDfXpM-BAAAAAE"]
[Wed Jul 02 06:29:29.280342 2025] [:error] [pid 596643] [client 195.178.110.161:42936] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGS1qdOlC-WXwmDfXpM-BAAAAAE"]
[Wed Jul 02 06:29:29.280544 2025] [:error] [pid 596643] [client 195.178.110.161:42936] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGS1qdOlC-WXwmDfXpM-BAAAAAE"]
[Wed Jul 02 19:55:12.619439 2025] [:error] [pid 818758] [client 45.148.10.80:59852] [client 45.148.10.80] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGVygOGJvLFogFczGxHUPAAAABU"]
[Wed Jul 02 19:55:12.619750 2025] [:error] [pid 818758] [client 45.148.10.80:59852] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGVygOGJvLFogFczGxHUPAAAABU"]
[Wed Jul 02 19:55:12.619950 2025] [:error] [pid 818758] [client 45.148.10.80:59852] [client 45.148.10.80] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGVygOGJvLFogFczGxHUPAAAABU"]
[Wed Jul 02 20:24:57.566850 2025] [:error] [pid 818758] [client 185.177.72.12:59464] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGV5eeGJvLFogFczGxHUPwAAABU"]
[Wed Jul 02 20:24:57.567115 2025] [:error] [pid 818758] [client 185.177.72.12:59464] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGV5eeGJvLFogFczGxHUPwAAABU"]
[Wed Jul 02 20:24:57.567284 2025] [:error] [pid 818758] [client 185.177.72.12:59464] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGV5eeGJvLFogFczGxHUPwAAABU"]
[Wed Jul 02 20:24:57.687537 2025] [:error] [pid 719646] [client 185.177.72.12:60034] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGV5eaAZQ1dF1wKfHsaHSAAAAAk"]
[Wed Jul 02 20:24:57.687911 2025] [:error] [pid 719646] [client 185.177.72.12:60034] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGV5eaAZQ1dF1wKfHsaHSAAAAAk"]
[Wed Jul 02 20:24:57.688187 2025] [:error] [pid 719646] [client 185.177.72.12:60034] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aGV5eaAZQ1dF1wKfHsaHSAAAAAk"]
[Wed Jul 02 20:24:57.813963 2025] [:error] [pid 818761] [client 185.177.72.12:60528] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGV5eVLas-cCR8ugp8alcgAAABg"]
[Wed Jul 02 20:24:57.814272 2025] [:error] [pid 818761] [client 185.177.72.12:60528] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGV5eVLas-cCR8ugp8alcgAAABg"]
[Wed Jul 02 20:24:57.814480 2025] [:error] [pid 818761] [client 185.177.72.12:60528] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aGV5eVLas-cCR8ugp8alcgAAABg"]
[Wed Jul 02 21:53:31.182911 2025] [:error] [pid 596643] [client 68.183.125.250:35652] [client 68.183.125.250] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aGWOO9OlC-WXwmDfXpM-OwAAAAE"]
[Wed Jul 02 21:53:31.368387 2025] [:error] [pid 719688] [client 68.183.125.250:35656] [client 68.183.125.250] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "pms.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "aGWOO7sXhVlf4UqKNR0b_wAAAAo"], referer: http://pms.test.indacotrentino.com/
[Wed Jul 02 21:53:31.742609 2025] [:error] [pid 603909] [client 68.183.125.250:36264] [client 68.183.125.250] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "pms.test.indacotrentino.com"] [uri "/index.html"] [unique_id "aGWOO60TbxfFvx4g9C3JwAAAAAc"]
[Wed Jul 02 21:53:33.993018 2025] [:error] [pid 893197] [client 68.183.125.250:36362] [client 68.183.125.250] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "pms.test.indacotrentino.com"] [uri "/favicon.ico"] [unique_id "aGWOPcDcuQLufYyLyoOz0QAAAAA"], referer: https://pms.test.indacotrentino.com/
[Wed Jul 02 22:29:08.863573 2025] [:error] [pid 893197] [client 165.154.254.143:51474] [client 165.154.254.143] ModSecurity: Audit log: Failed writing (requested 15 bytes, written 0): No space left on device [hostname "pms.test.indacotrentino.com"] [uri "
[Thu Jul 03 06:08:06.635900 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGYCJkl5jc7Rmms0x7fNCwAAAAs"]
[Thu Jul 03 06:08:06.636186 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGYCJkl5jc7Rmms0x7fNCwAAAAs"]
[Thu Jul 03 06:08:06.636379 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aGYCJkl5jc7Rmms0x7fNCwAAAAs"]
[Thu Jul 03 06:08:06.656530 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGYCJkl5jc7Rmms0x7fNDAAAAAs"]
[Thu Jul 03 06:08:06.656766 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGYCJkl5jc7Rmms0x7fNDAAAAAs"]
[Thu Jul 03 06:08:06.656946 2025] [:error] [pid 903586] [client 185.177.72.104:16024] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGYCJkl5jc7Rmms0x7fNDAAAAAs"]
[Thu Jul 03 06:09:15.291470 2025] [:error] [pid 903582] [client 185.177.72.104:8214] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGYCa-A8EmNakMYNXdonZgAAAAc"]
[Thu Jul 03 06:09:15.291893 2025] [:error] [pid 903582] [client 185.177.72.104:8214] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGYCa-A8EmNakMYNXdonZgAAAAc"]
[Thu Jul 03 06:09:15.292118 2025] [:error] [pid 903582] [client 185.177.72.104:8214] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup.sql"] [unique_id "aGYCa-A8EmNakMYNXdonZgAAAAc"]
[Thu Jul 03 06:09:28.894772 2025] [:error] [pid 902949] [client 185.177.72.104:14302] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGYCeHFz7LPgqS17l7Hv1wAAAAQ"]
[Thu Jul 03 06:09:28.895158 2025] [:error] [pid 902949] [client 185.177.72.104:14302] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGYCeHFz7LPgqS17l7Hv1wAAAAQ"]
[Thu Jul 03 06:09:28.895328 2025] [:error] [pid 902949] [client 185.177.72.104:14302] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/mysql.sql"] [unique_id "aGYCeHFz7LPgqS17l7Hv1wAAAAQ"]
[Thu Jul 03 14:00:18.628343 2025] [:error] [pid 902947] [client 195.178.110.253:41542] [client 195.178.110.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGZw0jSdzfpFiyzUMRpIGgAAAAI"]
[Thu Jul 03 14:00:18.628660 2025] [:error] [pid 902947] [client 195.178.110.253:41542] [client 195.178.110.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGZw0jSdzfpFiyzUMRpIGgAAAAI"]
[Thu Jul 03 14:00:18.628838 2025] [:error] [pid 902947] [client 195.178.110.253:41542] [client 195.178.110.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGZw0jSdzfpFiyzUMRpIGgAAAAI"]
[Fri Jul 04 00:51:38.617641 2025] [:error] [pid 922346] [client 93.123.109.7:49566] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGcJeoFZvmkmlzORog2-qAAAAAA"]
[Fri Jul 04 00:51:38.617946 2025] [:error] [pid 922346] [client 93.123.109.7:49566] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGcJeoFZvmkmlzORog2-qAAAAAA"]
[Fri Jul 04 00:51:38.618133 2025] [:error] [pid 922346] [client 93.123.109.7:49566] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGcJeoFZvmkmlzORog2-qAAAAAA"]
[Sat Jul 05 00:17:32.666485 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhS_MqXJCCoDsG49TMD5QAAAAI"]
[Sat Jul 05 00:17:32.668236 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhS_MqXJCCoDsG49TMD5QAAAAI"]
[Sat Jul 05 00:17:32.668426 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhS_MqXJCCoDsG49TMD5QAAAAI"]
[Sat Jul 05 00:17:32.778710 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhS_MqXJCCoDsG49TMD5gAAAAI"]
[Sat Jul 05 00:17:32.779007 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhS_MqXJCCoDsG49TMD5gAAAAI"]
[Sat Jul 05 00:17:32.779246 2025] [:error] [pid 942652] [client 34.162.253.252:41300] [client 34.162.253.252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhS_MqXJCCoDsG49TMD5gAAAAI"]
[Sat Jul 05 00:30:19.999758 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhV-29wyLDK4mgLIEz-ngAAAAA"]
[Sat Jul 05 00:30:20.000053 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhV-29wyLDK4mgLIEz-ngAAAAA"]
[Sat Jul 05 00:30:20.000284 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGhV-29wyLDK4mgLIEz-ngAAAAA"]
[Sat Jul 05 00:30:20.110137 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhV_G9wyLDK4mgLIEz-nwAAAAA"]
[Sat Jul 05 00:30:20.110405 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhV_G9wyLDK4mgLIEz-nwAAAAA"]
[Sat Jul 05 00:30:20.110596 2025] [:error] [pid 942650] [client 34.162.67.90:33276] [client 34.162.67.90] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGhV_G9wyLDK4mgLIEz-nwAAAAA"]
[Sat Jul 05 06:30:31.250009 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiqZwYPiW9TpyX8Dsay9QAAAAM"]
[Sat Jul 05 06:30:31.250287 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiqZwYPiW9TpyX8Dsay9QAAAAM"]
[Sat Jul 05 06:30:31.250497 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGiqZwYPiW9TpyX8Dsay9QAAAAM"]
[Sat Jul 05 06:30:31.360966 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiqZwYPiW9TpyX8Dsay9gAAAAM"]
[Sat Jul 05 06:30:31.361185 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiqZwYPiW9TpyX8Dsay9gAAAAM"]
[Sat Jul 05 06:30:31.361369 2025] [:error] [pid 945017] [client 34.162.135.97:37670] [client 34.162.135.97] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGiqZwYPiW9TpyX8Dsay9gAAAAM"]
[Sat Jul 05 10:15:51.327305 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGjfN530TDEiU-DmXzLZ5QAAAAY"]
[Sat Jul 05 10:15:51.328234 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGjfN530TDEiU-DmXzLZ5QAAAAY"]
[Sat Jul 05 10:15:51.328444 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGjfN530TDEiU-DmXzLZ5QAAAAY"]
[Sat Jul 05 10:15:51.465891 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGjfN530TDEiU-DmXzLZ5gAAAAY"]
[Sat Jul 05 10:15:51.466104 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGjfN530TDEiU-DmXzLZ5gAAAAY"]
[Sat Jul 05 10:15:51.466284 2025] [:error] [pid 945204] [client 34.162.128.241:53634] [client 34.162.128.241] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGjfN530TDEiU-DmXzLZ5gAAAAY"]
[Sat Jul 05 11:56:37.302321 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGj21cq4zXHhTgDcWkZbTAAAAAA"]
[Sat Jul 05 11:56:37.302644 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGj21cq4zXHhTgDcWkZbTAAAAAA"]
[Sat Jul 05 11:56:37.302855 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGj21cq4zXHhTgDcWkZbTAAAAAA"]
[Sat Jul 05 11:56:37.414754 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGj21cq4zXHhTgDcWkZbTQAAAAA"]
[Sat Jul 05 11:56:37.414967 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGj21cq4zXHhTgDcWkZbTQAAAAA"]
[Sat Jul 05 11:56:37.415142 2025] [:error] [pid 945014] [client 34.162.177.31:60858] [client 34.162.177.31] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGj21cq4zXHhTgDcWkZbTQAAAAA"]
[Sat Jul 05 13:16:10.819152 2025] [:error] [pid 945017] [client 77.90.153.170:35652] [client 77.90.153.170] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkJegYPiW9TpyX8DsazFwAAAAM"]
[Sat Jul 05 13:16:10.819457 2025] [:error] [pid 945017] [client 77.90.153.170:35652] [client 77.90.153.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkJegYPiW9TpyX8DsazFwAAAAM"]
[Sat Jul 05 13:16:10.819627 2025] [:error] [pid 945017] [client 77.90.153.170:35652] [client 77.90.153.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkJegYPiW9TpyX8DsazFwAAAAM"]
[Sat Jul 05 15:09:55.178851 2025] [:error] [pid 945015] [client 198.55.98.91:53008] [client 198.55.98.91] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkkI4nQ3HXSURt4X9K-QwAAAAE"]
[Sat Jul 05 15:09:55.179209 2025] [:error] [pid 945015] [client 198.55.98.91:53008] [client 198.55.98.91] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkkI4nQ3HXSURt4X9K-QwAAAAE"]
[Sat Jul 05 15:09:55.179401 2025] [:error] [pid 945015] [client 198.55.98.91:53008] [client 198.55.98.91] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGkkI4nQ3HXSURt4X9K-QwAAAAE"]
[Sat Jul 05 18:34:17.010726 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlUCZ30TDEiU-DmXzLaAQAAAAY"]
[Sat Jul 05 18:34:17.010963 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlUCZ30TDEiU-DmXzLaAQAAAAY"]
[Sat Jul 05 18:34:17.011131 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlUCZ30TDEiU-DmXzLaAQAAAAY"]
[Sat Jul 05 18:34:17.121806 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlUCZ30TDEiU-DmXzLaAgAAAAY"]
[Sat Jul 05 18:34:17.122029 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlUCZ30TDEiU-DmXzLaAgAAAAY"]
[Sat Jul 05 18:34:17.122220 2025] [:error] [pid 945204] [client 34.162.27.173:54828] [client 34.162.27.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlUCZ30TDEiU-DmXzLaAgAAAAY"]
[Sat Jul 05 18:44:05.838433 2025] [:error] [pid 945014] [client 98.81.251.210:35160] [client 98.81.251.210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGlWVcq4zXHhTgDcWkZbZgAAAAA"]
[Sat Jul 05 18:44:05.838709 2025] [:error] [pid 945014] [client 98.81.251.210:35160] [client 98.81.251.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGlWVcq4zXHhTgDcWkZbZgAAAAA"]
[Sat Jul 05 18:44:05.838894 2025] [:error] [pid 945014] [client 98.81.251.210:35160] [client 98.81.251.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGlWVcq4zXHhTgDcWkZbZgAAAAA"]
[Sat Jul 05 19:32:20.170812 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlhpAYPiW9TpyX8DsazMAAAAAM"]
[Sat Jul 05 19:32:20.171204 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlhpAYPiW9TpyX8DsazMAAAAAM"]
[Sat Jul 05 19:32:20.171415 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGlhpAYPiW9TpyX8DsazMAAAAAM"]
[Sat Jul 05 19:32:20.281951 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlhpAYPiW9TpyX8DsazMQAAAAM"]
[Sat Jul 05 19:32:20.282177 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlhpAYPiW9TpyX8DsazMQAAAAM"]
[Sat Jul 05 19:32:20.282394 2025] [:error] [pid 945017] [client 34.162.213.107:49170] [client 34.162.213.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGlhpAYPiW9TpyX8DsazMQAAAAM"]
[Sat Jul 05 22:21:17.795110 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGmJPXmYY6U6UiQyU3bChgAAAAU"]
[Sat Jul 05 22:21:17.795434 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGmJPXmYY6U6UiQyU3bChgAAAAU"]
[Sat Jul 05 22:21:17.795606 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGmJPXmYY6U6UiQyU3bChgAAAAU"]
[Sat Jul 05 22:21:17.905315 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGmJPXmYY6U6UiQyU3bChwAAAAU"]
[Sat Jul 05 22:21:17.905532 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGmJPXmYY6U6UiQyU3bChwAAAAU"]
[Sat Jul 05 22:21:17.905706 2025] [:error] [pid 945020] [client 34.162.58.99:59678] [client 34.162.58.99] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGmJPXmYY6U6UiQyU3bChwAAAAU"]
[Sun Jul 06 02:33:39.914928 2025] [:error] [pid 964486] [client 77.90.153.227:57938] [client 77.90.153.227] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnEY5_XjI1sh51iQy-_uAAAAAc"]
[Sun Jul 06 02:33:39.915160 2025] [:error] [pid 964486] [client 77.90.153.227:57938] [client 77.90.153.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnEY5_XjI1sh51iQy-_uAAAAAc"]
[Sun Jul 06 02:33:39.915330 2025] [:error] [pid 964486] [client 77.90.153.227:57938] [client 77.90.153.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnEY5_XjI1sh51iQy-_uAAAAAc"]
[Sun Jul 06 02:33:40.112256 2025] [:error] [pid 964485] [client 77.90.153.227:57944] [client 77.90.153.227] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGnEZMIbBjcmfwUN4XFf-gAAAAY"]
[Sun Jul 06 02:33:40.112602 2025] [:error] [pid 964485] [client 77.90.153.227:57944] [client 77.90.153.227] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGnEZMIbBjcmfwUN4XFf-gAAAAY"]
[Sun Jul 06 02:33:40.112856 2025] [:error] [pid 964485] [client 77.90.153.227:57944] [client 77.90.153.227] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aGnEZMIbBjcmfwUN4XFf-gAAAAY"]
[Sun Jul 06 05:35:51.843161 2025] [:error] [pid 968044] [client 194.26.192.144:46540] [client 194.26.192.144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnvFxcrdhACkz4kNY6eigAAAAU"]
[Sun Jul 06 05:35:51.843461 2025] [:error] [pid 968044] [client 194.26.192.144:46540] [client 194.26.192.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnvFxcrdhACkz4kNY6eigAAAAU"]
[Sun Jul 06 05:35:51.843644 2025] [:error] [pid 968044] [client 194.26.192.144:46540] [client 194.26.192.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aGnvFxcrdhACkz4kNY6eigAAAAU"]
[Sun Jul 06 11:42:45.713395 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGpFFe2Nyf8Rve5hHQmvuQAAAAk"]
[Sun Jul 06 11:42:45.713629 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGpFFe2Nyf8Rve5hHQmvuQAAAAk"]
[Sun Jul 06 11:42:45.713834 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGpFFe2Nyf8Rve5hHQmvuQAAAAk"]
[Sun Jul 06 11:42:45.824306 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGpFFe2Nyf8Rve5hHQmvugAAAAk"]
[Sun Jul 06 11:42:45.824543 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGpFFe2Nyf8Rve5hHQmvugAAAAk"]
[Sun Jul 06 11:42:45.824754 2025] [:error] [pid 971495] [client 34.162.91.162:34254] [client 34.162.91.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aGpFFe2Nyf8Rve5hHQmvugAAAAk"]
[Mon Jul 07 16:30:57.314329 2025] [:error] [pid 989737] [client 143.198.191.145:53440] [client 143.198.191.145] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGvaIRJindOavju_e6FH2AAAAAE"]
[Mon Jul 07 16:30:57.315717 2025] [:error] [pid 989737] [client 143.198.191.145:53440] [client 143.198.191.145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGvaIRJindOavju_e6FH2AAAAAE"]
[Mon Jul 07 16:30:57.315895 2025] [:error] [pid 989737] [client 143.198.191.145:53440] [client 143.198.191.145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aGvaIRJindOavju_e6FH2AAAAAE"]
[Tue Jul 08 22:18:43.832572 2025] [:error] [pid 1019731] [client 93.123.109.7:35490] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG19I4OzY7QMeULNSgpz9AAAAAE"]
[Tue Jul 08 22:18:43.832858 2025] [:error] [pid 1019731] [client 93.123.109.7:35490] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG19I4OzY7QMeULNSgpz9AAAAAE"]
[Tue Jul 08 22:18:43.833060 2025] [:error] [pid 1019731] [client 93.123.109.7:35490] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG19I4OzY7QMeULNSgpz9AAAAAE"]
[Wed Jul 09 05:43:46.373982 2025] [:error] [pid 1038973] [client 3.22.104.232:47794] [client 3.22.104.232] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aG3lckyuGrklR8K3jTrUQQAAAAM"]
[Wed Jul 09 05:43:46.374444 2025] [:error] [pid 1038973] [client 3.22.104.232:47794] [client 3.22.104.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aG3lckyuGrklR8K3jTrUQQAAAAM"]
[Wed Jul 09 05:43:46.374668 2025] [:error] [pid 1038973] [client 3.22.104.232:47794] [client 3.22.104.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aG3lckyuGrklR8K3jTrUQQAAAAM"]
[Thu Jul 10 08:34:47.315705 2025] [:error] [pid 1065740] [client 185.177.72.106:31070] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aG9fBwzhmzdfviWTGmKwtwAAAAM"]
[Thu Jul 10 08:34:47.316820 2025] [:error] [pid 1065740] [client 185.177.72.106:31070] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aG9fBwzhmzdfviWTGmKwtwAAAAM"]
[Thu Jul 10 08:34:47.317024 2025] [:error] [pid 1065740] [client 185.177.72.106:31070] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aG9fBwzhmzdfviWTGmKwtwAAAAM"]
[Thu Jul 10 08:34:56.928823 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /doc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aG9fEAjBNbXpUinoYOHGzQAAAAg"]
[Thu Jul 10 08:34:56.929071 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aG9fEAjBNbXpUinoYOHGzQAAAAg"]
[Thu Jul 10 08:34:56.929250 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aG9fEAjBNbXpUinoYOHGzQAAAAg"]
[Thu Jul 10 08:34:56.989886 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp_access"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_access"] [unique_id "aG9fEAjBNbXpUinoYOHGzgAAAAg"]
[Thu Jul 10 08:34:56.990216 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_access"] [unique_id "aG9fEAjBNbXpUinoYOHGzgAAAAg"]
[Thu Jul 10 08:34:56.990509 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_access"] [unique_id "aG9fEAjBNbXpUinoYOHGzgAAAAg"]
[Thu Jul 10 08:34:57.028967 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aG9fEQjBNbXpUinoYOHGzwAAAAg"]
[Thu Jul 10 08:34:57.029193 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aG9fEQjBNbXpUinoYOHGzwAAAAg"]
[Thu Jul 10 08:34:57.029484 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aG9fEQjBNbXpUinoYOHGzwAAAAg"]
[Thu Jul 10 08:34:57.029736 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aG9fEQjBNbXpUinoYOHGzwAAAAg"]
[Thu Jul 10 08:34:57.335565 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1AAAAAg"]
[Thu Jul 10 08:34:57.335810 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1AAAAAg"]
[Thu Jul 10 08:34:57.336026 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1AAAAAg"]
[Thu Jul 10 08:34:57.531389 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1gAAAAg"]
[Thu Jul 10 08:34:57.531637 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1gAAAAg"]
[Thu Jul 10 08:34:57.531847 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1gAAAAg"]
[Thu Jul 10 08:34:57.705451 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/traefik/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1wAAAAg"]
[Thu Jul 10 08:34:57.705826 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1wAAAAg"]
[Thu Jul 10 08:34:57.706115 2025] [:error] [pid 1070368] [client 185.177.72.106:29220] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aG9fEQjBNbXpUinoYOHG1wAAAAg"]
[Thu Jul 10 08:35:07.361346 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aG9fG6fTzetFftLHN63tkwAAAAQ"]
[Thu Jul 10 08:35:07.361621 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aG9fG6fTzetFftLHN63tkwAAAAQ"]
[Thu Jul 10 08:35:07.361819 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aG9fG6fTzetFftLHN63tkwAAAAQ"]
[Thu Jul 10 08:35:07.410428 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aG9fG6fTzetFftLHN63tlAAAAAQ"]
[Thu Jul 10 08:35:07.410706 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aG9fG6fTzetFftLHN63tlAAAAAQ"]
[Thu Jul 10 08:35:07.410943 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aG9fG6fTzetFftLHN63tlAAAAAQ"]
[Thu Jul 10 08:35:07.530583 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_old2014"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php_old2014"] [unique_id "aG9fG6fTzetFftLHN63tlgAAAAQ"]
[Thu Jul 10 08:35:07.530959 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php_old2014"] [unique_id "aG9fG6fTzetFftLHN63tlgAAAAQ"]
[Thu Jul 10 08:35:07.531227 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php_old2014"] [unique_id "aG9fG6fTzetFftLHN63tlgAAAAQ"]
[Thu Jul 10 08:35:07.583364 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aG9fG6fTzetFftLHN63tlwAAAAQ"]
[Thu Jul 10 08:35:07.583609 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aG9fG6fTzetFftLHN63tlwAAAAQ"]
[Thu Jul 10 08:35:07.583800 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aG9fG6fTzetFftLHN63tlwAAAAQ"]
[Thu Jul 10 08:35:07.665501 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aG9fG6fTzetFftLHN63tmAAAAAQ"]
[Thu Jul 10 08:35:07.665755 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aG9fG6fTzetFftLHN63tmAAAAAQ"]
[Thu Jul 10 08:35:07.665992 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aG9fG6fTzetFftLHN63tmAAAAAQ"]
[Thu Jul 10 08:35:07.701466 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aG9fG6fTzetFftLHN63tmQAAAAQ"]
[Thu Jul 10 08:35:07.701712 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aG9fG6fTzetFftLHN63tmQAAAAQ"]
[Thu Jul 10 08:35:07.701922 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aG9fG6fTzetFftLHN63tmQAAAAQ"]
[Thu Jul 10 08:35:07.785594 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aG9fG6fTzetFftLHN63tmwAAAAQ"]
[Thu Jul 10 08:35:07.785973 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aG9fG6fTzetFftLHN63tmwAAAAQ"]
[Thu Jul 10 08:35:07.786257 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aG9fG6fTzetFftLHN63tmwAAAAQ"]
[Thu Jul 10 08:35:07.818969 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hotpot-app-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aG9fG6fTzetFftLHN63tnAAAAAQ"]
[Thu Jul 10 08:35:07.819259 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aG9fG6fTzetFftLHN63tnAAAAAQ"]
[Thu Jul 10 08:35:07.819468 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aG9fG6fTzetFftLHN63tnAAAAAQ"]
[Thu Jul 10 08:35:07.882115 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp_host"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_host"] [unique_id "aG9fG6fTzetFftLHN63tnQAAAAQ"]
[Thu Jul 10 08:35:07.882417 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_host"] [unique_id "aG9fG6fTzetFftLHN63tnQAAAAQ"]
[Thu Jul 10 08:35:07.882635 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp_host"] [unique_id "aG9fG6fTzetFftLHN63tnQAAAAQ"]
[Thu Jul 10 08:35:07.970383 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.2"] [unique_id "aG9fG6fTzetFftLHN63tngAAAAQ"]
[Thu Jul 10 08:35:07.970638 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.2"] [unique_id "aG9fG6fTzetFftLHN63tngAAAAQ"]
[Thu Jul 10 08:35:07.970826 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.2"] [unique_id "aG9fG6fTzetFftLHN63tngAAAAQ"]
[Thu Jul 10 08:35:08.072283 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.8"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.8"] [unique_id "aG9fHKfTzetFftLHN63tnwAAAAQ"]
[Thu Jul 10 08:35:08.072565 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.8"] [unique_id "aG9fHKfTzetFftLHN63tnwAAAAQ"]
[Thu Jul 10 08:35:08.072762 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.8"] [unique_id "aG9fHKfTzetFftLHN63tnwAAAAQ"]
[Thu Jul 10 08:35:11.765875 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aG9fH6fTzetFftLHN63toQAAAAQ"]
[Thu Jul 10 08:35:11.766118 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aG9fH6fTzetFftLHN63toQAAAAQ"]
[Thu Jul 10 08:35:11.766298 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aG9fH6fTzetFftLHN63toQAAAAQ"]
[Thu Jul 10 08:35:11.790365 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aG9fH6fTzetFftLHN63togAAAAQ"]
[Thu Jul 10 08:35:11.790640 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aG9fH6fTzetFftLHN63togAAAAQ"]
[Thu Jul 10 08:35:11.790827 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aG9fH6fTzetFftLHN63togAAAAQ"]
[Thu Jul 10 08:35:11.813718 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-push"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aG9fH6fTzetFftLHN63towAAAAQ"]
[Thu Jul 10 08:35:11.813966 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aG9fH6fTzetFftLHN63towAAAAQ"]
[Thu Jul 10 08:35:11.814155 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aG9fH6fTzetFftLHN63towAAAAQ"]
[Thu Jul 10 08:35:11.837420 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aG9fH6fTzetFftLHN63tpAAAAAQ"]
[Thu Jul 10 08:35:11.837679 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aG9fH6fTzetFftLHN63tpAAAAAQ"]
[Thu Jul 10 08:35:11.837874 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aG9fH6fTzetFftLHN63tpAAAAAQ"]
[Thu Jul 10 08:35:11.862834 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aG9fH6fTzetFftLHN63tpQAAAAQ"]
[Thu Jul 10 08:35:11.863080 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aG9fH6fTzetFftLHN63tpQAAAAQ"]
[Thu Jul 10 08:35:11.863275 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aG9fH6fTzetFftLHN63tpQAAAAQ"]
[Thu Jul 10 08:35:11.890968 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/default/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aG9fH6fTzetFftLHN63tpgAAAAQ"]
[Thu Jul 10 08:35:11.891216 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aG9fH6fTzetFftLHN63tpgAAAAQ"]
[Thu Jul 10 08:35:11.891419 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aG9fH6fTzetFftLHN63tpgAAAAQ"]
[Thu Jul 10 08:35:11.914038 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aG9fH6fTzetFftLHN63tpwAAAAQ"]
[Thu Jul 10 08:35:11.914287 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aG9fH6fTzetFftLHN63tpwAAAAQ"]
[Thu Jul 10 08:35:11.914506 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aG9fH6fTzetFftLHN63tpwAAAAQ"]
[Thu Jul 10 08:35:11.960559 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aG9fH6fTzetFftLHN63tqQAAAAQ"]
[Thu Jul 10 08:35:11.960805 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aG9fH6fTzetFftLHN63tqQAAAAQ"]
[Thu Jul 10 08:35:11.961013 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aG9fH6fTzetFftLHN63tqQAAAAQ"]
[Thu Jul 10 08:35:11.983586 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temanr9/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aG9fH6fTzetFftLHN63tqgAAAAQ"]
[Thu Jul 10 08:35:11.983843 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aG9fH6fTzetFftLHN63tqgAAAAQ"]
[Thu Jul 10 08:35:11.984061 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aG9fH6fTzetFftLHN63tqgAAAAQ"]
[Thu Jul 10 08:35:12.034746 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aG9fIKfTzetFftLHN63trAAAAAQ"]
[Thu Jul 10 08:35:12.034993 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aG9fIKfTzetFftLHN63trAAAAAQ"]
[Thu Jul 10 08:35:12.035201 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aG9fIKfTzetFftLHN63trAAAAAQ"]
[Thu Jul 10 08:35:12.058010 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aG9fIKfTzetFftLHN63trQAAAAQ"]
[Thu Jul 10 08:35:12.058249 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aG9fIKfTzetFftLHN63trQAAAAQ"]
[Thu Jul 10 08:35:12.058492 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qa/.env"] [unique_id "aG9fIKfTzetFftLHN63trQAAAAQ"]
[Thu Jul 10 08:35:12.080885 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aG9fIKfTzetFftLHN63trgAAAAQ"]
[Thu Jul 10 08:35:12.081135 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aG9fIKfTzetFftLHN63trgAAAAQ"]
[Thu Jul 10 08:35:12.081335 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env"] [unique_id "aG9fIKfTzetFftLHN63trgAAAAQ"]
[Thu Jul 10 08:35:12.116007 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-dotenv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aG9fIKfTzetFftLHN63trwAAAAQ"]
[Thu Jul 10 08:35:12.116257 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aG9fIKfTzetFftLHN63trwAAAAQ"]
[Thu Jul 10 08:35:12.116460 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aG9fIKfTzetFftLHN63trwAAAAQ"]
[Thu Jul 10 08:35:12.249106 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ftpmaster/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aG9fIKfTzetFftLHN63tsQAAAAQ"]
[Thu Jul 10 08:35:12.249357 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aG9fIKfTzetFftLHN63tsQAAAAQ"]
[Thu Jul 10 08:35:12.249572 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aG9fIKfTzetFftLHN63tsQAAAAQ"]
[Thu Jul 10 08:35:12.289693 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aG9fIKfTzetFftLHN63tsgAAAAQ"]
[Thu Jul 10 08:35:12.289955 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aG9fIKfTzetFftLHN63tsgAAAAQ"]
[Thu Jul 10 08:35:12.294038 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aG9fIKfTzetFftLHN63tsgAAAAQ"]
[Thu Jul 10 08:35:12.529324 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aG9fIKfTzetFftLHN63ttQAAAAQ"]
[Thu Jul 10 08:35:12.529578 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aG9fIKfTzetFftLHN63ttQAAAAQ"]
[Thu Jul 10 08:35:12.529812 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aG9fIKfTzetFftLHN63ttQAAAAQ"]
[Thu Jul 10 08:35:12.611526 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aG9fIKfTzetFftLHN63ttwAAAAQ"]
[Thu Jul 10 08:35:12.611892 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aG9fIKfTzetFftLHN63ttwAAAAQ"]
[Thu Jul 10 08:35:12.612185 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aG9fIKfTzetFftLHN63ttwAAAAQ"]
[Thu Jul 10 08:35:12.673757 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aG9fIKfTzetFftLHN63tuAAAAAQ"]
[Thu Jul 10 08:35:12.674019 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aG9fIKfTzetFftLHN63tuAAAAAQ"]
[Thu Jul 10 08:35:12.674226 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aG9fIKfTzetFftLHN63tuAAAAAQ"]
[Thu Jul 10 08:35:12.741789 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /films/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aG9fIKfTzetFftLHN63tuQAAAAQ"]
[Thu Jul 10 08:35:12.742058 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aG9fIKfTzetFftLHN63tuQAAAAQ"]
[Thu Jul 10 08:35:12.742257 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aG9fIKfTzetFftLHN63tuQAAAAQ"]
[Thu Jul 10 08:35:12.886391 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aG9fIKfTzetFftLHN63tuwAAAAQ"]
[Thu Jul 10 08:35:12.886648 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aG9fIKfTzetFftLHN63tuwAAAAQ"]
[Thu Jul 10 08:35:12.886848 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aG9fIKfTzetFftLHN63tuwAAAAQ"]
[Thu Jul 10 08:35:13.079427 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.backup"] [unique_id "aG9fIafTzetFftLHN63tvQAAAAQ"]
[Thu Jul 10 08:35:13.079855 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.backup"] [unique_id "aG9fIafTzetFftLHN63tvQAAAAQ"]
[Thu Jul 10 08:35:13.080092 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.backup"] [unique_id "aG9fIafTzetFftLHN63tvQAAAAQ"]
[Thu Jul 10 08:35:13.222616 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aG9fIafTzetFftLHN63tvgAAAAQ"]
[Thu Jul 10 08:35:13.222865 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aG9fIafTzetFftLHN63tvgAAAAQ"]
[Thu Jul 10 08:35:13.223075 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aG9fIafTzetFftLHN63tvgAAAAQ"]
[Thu Jul 10 08:35:18.171005 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aG9fJqfTzetFftLHN63twQAAAAQ"]
[Thu Jul 10 08:35:18.171263 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aG9fJqfTzetFftLHN63twQAAAAQ"]
[Thu Jul 10 08:35:18.171468 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aG9fJqfTzetFftLHN63twQAAAAQ"]
[Thu Jul 10 08:35:18.452137 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aG9fJqfTzetFftLHN63twwAAAAQ"]
[Thu Jul 10 08:35:18.452389 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aG9fJqfTzetFftLHN63twwAAAAQ"]
[Thu Jul 10 08:35:18.452598 2025] [:error] [pid 1065741] [client 185.177.72.106:26746] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aG9fJqfTzetFftLHN63twwAAAAQ"]
[Thu Jul 10 08:35:27.703754 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django_project_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIAAAAAY"]
[Thu Jul 10 08:35:27.704013 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIAAAAAY"]
[Thu Jul 10 08:35:27.704183 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIAAAAAY"]
[Thu Jul 10 08:35:27.760821 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIgAAAAY"]
[Thu Jul 10 08:35:27.761069 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIgAAAAY"]
[Thu Jul 10 08:35:27.761247 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIgAAAAY"]
[Thu Jul 10 08:35:27.804152 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIwAAAAY"]
[Thu Jul 10 08:35:27.804416 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIwAAAAY"]
[Thu Jul 10 08:35:27.804619 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aG9fL1yvy-JmMjlZ6U3gIwAAAAY"]
[Thu Jul 10 08:35:28.015165 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-node-mongo-redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJgAAAAY"]
[Thu Jul 10 08:35:28.015528 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJgAAAAY"]
[Thu Jul 10 08:35:28.015780 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJgAAAAY"]
[Thu Jul 10 08:35:28.066970 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.gz"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJwAAAAY"]
[Thu Jul 10 08:35:28.067234 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.gz"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJwAAAAY"]
[Thu Jul 10 08:35:28.067441 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.gz"] [unique_id "aG9fMFyvy-JmMjlZ6U3gJwAAAAY"]
[Thu Jul 10 08:35:28.108833 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKAAAAAY"]
[Thu Jul 10 08:35:28.109080 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKAAAAAY"]
[Thu Jul 10 08:35:28.109278 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKAAAAAY"]
[Thu Jul 10 08:35:28.172914 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKQAAAAY"]
[Thu Jul 10 08:35:28.173163 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKQAAAAY"]
[Thu Jul 10 08:35:28.173360 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKQAAAAY"]
[Thu Jul 10 08:35:28.213823 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKgAAAAY"]
[Thu Jul 10 08:35:28.214078 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKgAAAAY"]
[Thu Jul 10 08:35:28.214273 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gKgAAAAY"]
[Thu Jul 10 08:35:28.292620 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLAAAAAY"]
[Thu Jul 10 08:35:28.292986 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLAAAAAY"]
[Thu Jul 10 08:35:28.293267 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLAAAAAY"]
[Thu Jul 10 08:35:28.336597 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLQAAAAY"]
[Thu Jul 10 08:35:28.336947 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLQAAAAY"]
[Thu Jul 10 08:35:28.337224 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLQAAAAY"]
[Thu Jul 10 08:35:28.378646 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLgAAAAY"]
[Thu Jul 10 08:35:28.378897 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLgAAAAY"]
[Thu Jul 10 08:35:28.379083 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLgAAAAY"]
[Thu Jul 10 08:35:28.482564 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dodoswap-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLwAAAAY"]
[Thu Jul 10 08:35:28.482822 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLwAAAAY"]
[Thu Jul 10 08:35:28.483671 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gLwAAAAY"]
[Thu Jul 10 08:35:28.539276 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /icon/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMAAAAAY"]
[Thu Jul 10 08:35:28.539534 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMAAAAAY"]
[Thu Jul 10 08:35:28.539741 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMAAAAAY"]
[Thu Jul 10 08:35:28.603695 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMQAAAAY"]
[Thu Jul 10 08:35:28.603957 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMQAAAAY"]
[Thu Jul 10 08:35:28.604480 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aG9fMFyvy-JmMjlZ6U3gMQAAAAY"]
[Thu Jul 10 08:35:32.889620 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNAAAAAY"]
[Thu Jul 10 08:35:32.889886 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNAAAAAY"]
[Thu Jul 10 08:35:32.890059 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNAAAAAY"]
[Thu Jul 10 08:35:32.935577 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v11.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNgAAAAY"]
[Thu Jul 10 08:35:32.935812 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNgAAAAY"]
[Thu Jul 10 08:35:32.935976 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNgAAAAY"]
[Thu Jul 10 08:35:32.964802 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/couchdb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNwAAAAY"]
[Thu Jul 10 08:35:32.965050 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNwAAAAY"]
[Thu Jul 10 08:35:32.965243 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gNwAAAAY"]
[Thu Jul 10 08:35:32.987409 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gOAAAAAY"]
[Thu Jul 10 08:35:32.987643 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gOAAAAAY"]
[Thu Jul 10 08:35:32.987803 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aG9fNFyvy-JmMjlZ6U3gOAAAAAY"]
[Thu Jul 10 08:35:33.011715 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOQAAAAY"]
[Thu Jul 10 08:35:33.011927 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOQAAAAY"]
[Thu Jul 10 08:35:33.012081 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOQAAAAY"]
[Thu Jul 10 08:35:33.043098 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /libs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOgAAAAY"]
[Thu Jul 10 08:35:33.043346 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOgAAAAY"]
[Thu Jul 10 08:35:33.043528 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOgAAAAY"]
[Thu Jul 10 08:35:33.090551 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/stash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOwAAAAY"]
[Thu Jul 10 08:35:33.090799 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOwAAAAY"]
[Thu Jul 10 08:35:33.090994 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aG9fNVyvy-JmMjlZ6U3gOwAAAAY"]
[Thu Jul 10 08:35:33.127134 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPAAAAAY"]
[Thu Jul 10 08:35:33.127439 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPAAAAAY"]
[Thu Jul 10 08:35:33.127629 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPAAAAAY"]
[Thu Jul 10 08:35:33.257788 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /export/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPwAAAAY"]
[Thu Jul 10 08:35:33.258033 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPwAAAAY"]
[Thu Jul 10 08:35:33.258218 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gPwAAAAY"]
[Thu Jul 10 08:35:33.300920 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /image_data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQAAAAAY"]
[Thu Jul 10 08:35:33.301188 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQAAAAAY"]
[Thu Jul 10 08:35:33.301405 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQAAAAAY"]
[Thu Jul 10 08:35:33.445065 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQgAAAAY"]
[Thu Jul 10 08:35:33.445323 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQgAAAAY"]
[Thu Jul 10 08:35:33.445504 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gQgAAAAY"]
[Thu Jul 10 08:35:33.896682 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/phpmyadmin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gRwAAAAY"]
[Thu Jul 10 08:35:33.896930 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gRwAAAAY"]
[Thu Jul 10 08:35:33.897124 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gRwAAAAY"]
[Thu Jul 10 08:35:33.997152 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /09-managing-state/begin/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gSAAAAAY"]
[Thu Jul 10 08:35:33.997429 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gSAAAAAY"]
[Thu Jul 10 08:35:33.997621 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aG9fNVyvy-JmMjlZ6U3gSAAAAAY"]
[Thu Jul 10 08:35:34.172018 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSQAAAAY"]
[Thu Jul 10 08:35:34.172264 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSQAAAAY"]
[Thu Jul 10 08:35:34.172464 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSQAAAAY"]
[Thu Jul 10 08:35:34.329304 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSgAAAAY"]
[Thu Jul 10 08:35:34.329651 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSgAAAAY"]
[Thu Jul 10 08:35:34.329903 2025] [:error] [pid 1066256] [client 185.177.72.106:4666] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aG9fNlyvy-JmMjlZ6U3gSgAAAAY"]
[Thu Jul 10 08:35:43.898753 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gQAAAAE"]
[Thu Jul 10 08:35:43.898995 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gQAAAAE"]
[Thu Jul 10 08:35:43.899180 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gQAAAAE"]
[Thu Jul 10 08:35:43.923245 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/github.com/gobuffalo/envy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aG9fP22HUGa5P2sipOw4ggAAAAE"]
[Thu Jul 10 08:35:43.923483 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aG9fP22HUGa5P2sipOw4ggAAAAE"]
[Thu Jul 10 08:35:43.923650 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aG9fP22HUGa5P2sipOw4ggAAAAE"]
[Thu Jul 10 08:35:43.956625 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gwAAAAE"]
[Thu Jul 10 08:35:43.956880 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gwAAAAE"]
[Thu Jul 10 08:35:43.957066 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/api/.env"] [unique_id "aG9fP22HUGa5P2sipOw4gwAAAAE"]
[Thu Jul 10 08:35:44.110195 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main_user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hgAAAAE"]
[Thu Jul 10 08:35:44.110496 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hgAAAAE"]
[Thu Jul 10 08:35:44.110708 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hgAAAAE"]
[Thu Jul 10 08:35:44.168318 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /repo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hwAAAAE"]
[Thu Jul 10 08:35:44.168577 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hwAAAAE"]
[Thu Jul 10 08:35:44.168768 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4hwAAAAE"]
[Thu Jul 10 08:35:44.224758 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aG9fQG2HUGa5P2sipOw4iAAAAAE"]
[Thu Jul 10 08:35:44.224921 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aG9fQG2HUGa5P2sipOw4iAAAAAE"]
[Thu Jul 10 08:35:44.225163 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aG9fQG2HUGa5P2sipOw4iAAAAAE"]
[Thu Jul 10 08:35:44.225352 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.config"] [unique_id "aG9fQG2HUGa5P2sipOw4iAAAAAE"]
[Thu Jul 10 08:35:44.339732 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aG9fQG2HUGa5P2sipOw4iQAAAAE"]
[Thu Jul 10 08:35:44.339971 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aG9fQG2HUGa5P2sipOw4iQAAAAE"]
[Thu Jul 10 08:35:44.340201 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aG9fQG2HUGa5P2sipOw4iQAAAAE"]
[Thu Jul 10 08:35:44.441357 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_mail_server"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail_server"] [unique_id "aG9fQG2HUGa5P2sipOw4igAAAAE"]
[Thu Jul 10 08:35:44.441638 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail_server"] [unique_id "aG9fQG2HUGa5P2sipOw4igAAAAE"]
[Thu Jul 10 08:35:44.441832 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail_server"] [unique_id "aG9fQG2HUGa5P2sipOw4igAAAAE"]
[Thu Jul 10 08:35:44.533891 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /roundcubemail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4iwAAAAE"]
[Thu Jul 10 08:35:44.534143 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4iwAAAAE"]
[Thu Jul 10 08:35:44.534356 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aG9fQG2HUGa5P2sipOw4iwAAAAE"]
[Thu Jul 10 08:35:48.696646 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aG9fRG2HUGa5P2sipOw4jAAAAAE"]
[Thu Jul 10 08:35:48.697763 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aG9fRG2HUGa5P2sipOw4jAAAAAE"]
[Thu Jul 10 08:35:48.698016 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aG9fRG2HUGa5P2sipOw4jAAAAAE"]
[Thu Jul 10 08:35:48.797931 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/config/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jQAAAAE"]
[Thu Jul 10 08:35:48.798173 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jQAAAAE"]
[Thu Jul 10 08:35:48.798403 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jQAAAAE"]
[Thu Jul 10 08:35:48.868458 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jgAAAAE"]
[Thu Jul 10 08:35:48.868722 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jgAAAAE"]
[Thu Jul 10 08:35:48.868903 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aG9fRG2HUGa5P2sipOw4jgAAAAE"]
[Thu Jul 10 08:35:49.017209 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/sdl-first/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kAAAAAE"]
[Thu Jul 10 08:35:49.017497 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kAAAAAE"]
[Thu Jul 10 08:35:49.017680 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kAAAAAE"]
[Thu Jul 10 08:35:49.260295 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kwAAAAE"]
[Thu Jul 10 08:35:49.260555 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kwAAAAE"]
[Thu Jul 10 08:35:49.260749 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4kwAAAAE"]
[Thu Jul 10 08:35:49.390101 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lAAAAAE"]
[Thu Jul 10 08:35:49.390388 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lAAAAAE"]
[Thu Jul 10 08:35:49.390572 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lAAAAAE"]
[Thu Jul 10 08:35:49.585646 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developerslv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lQAAAAE"]
[Thu Jul 10 08:35:49.585909 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lQAAAAE"]
[Thu Jul 10 08:35:49.586125 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lQAAAAE"]
[Thu Jul 10 08:35:49.694783 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lgAAAAE"]
[Thu Jul 10 08:35:49.695046 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lgAAAAE"]
[Thu Jul 10 08:35:49.695232 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4lgAAAAE"]
[Thu Jul 10 08:35:49.826553 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aG9fRW2HUGa5P2sipOw4mQAAAAE"]
[Thu Jul 10 08:35:49.826784 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aG9fRW2HUGa5P2sipOw4mQAAAAE"]
[Thu Jul 10 08:35:49.826968 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aG9fRW2HUGa5P2sipOw4mQAAAAE"]
[Thu Jul 10 08:35:49.855804 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.staging"] [unique_id "aG9fRW2HUGa5P2sipOw4mgAAAAE"]
[Thu Jul 10 08:35:49.856041 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.staging"] [unique_id "aG9fRW2HUGa5P2sipOw4mgAAAAE"]
[Thu Jul 10 08:35:49.856215 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.staging"] [unique_id "aG9fRW2HUGa5P2sipOw4mgAAAAE"]
[Thu Jul 10 08:35:49.880534 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-compose/platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4mwAAAAE"]
[Thu Jul 10 08:35:49.880794 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4mwAAAAE"]
[Thu Jul 10 08:35:49.880974 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4mwAAAAE"]
[Thu Jul 10 08:35:49.903063 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4nAAAAAE"]
[Thu Jul 10 08:35:49.903300 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4nAAAAAE"]
[Thu Jul 10 08:35:49.903480 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aG9fRW2HUGa5P2sipOw4nAAAAAE"]
[Thu Jul 10 08:35:49.925609 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aG9fRW2HUGa5P2sipOw4nQAAAAE"]
[Thu Jul 10 08:35:49.925846 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aG9fRW2HUGa5P2sipOw4nQAAAAE"]
[Thu Jul 10 08:35:49.926054 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aG9fRW2HUGa5P2sipOw4nQAAAAE"]
[Thu Jul 10 08:35:49.947918 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_mail"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail"] [unique_id "aG9fRW2HUGa5P2sipOw4ngAAAAE"]
[Thu Jul 10 08:35:49.948151 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail"] [unique_id "aG9fRW2HUGa5P2sipOw4ngAAAAE"]
[Thu Jul 10 08:35:49.948325 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_mail"] [unique_id "aG9fRW2HUGa5P2sipOw4ngAAAAE"]
[Thu Jul 10 08:35:49.992692 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aG9fRW2HUGa5P2sipOw4oAAAAAE"]
[Thu Jul 10 08:35:49.993026 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aG9fRW2HUGa5P2sipOw4oAAAAAE"]
[Thu Jul 10 08:35:49.993188 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aG9fRW2HUGa5P2sipOw4oAAAAAE"]
[Thu Jul 10 08:35:50.015092 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4oQAAAAE"]
[Thu Jul 10 08:35:50.015328 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4oQAAAAE"]
[Thu Jul 10 08:35:50.015503 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4oQAAAAE"]
[Thu Jul 10 08:35:50.037487 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aG9fRm2HUGa5P2sipOw4ogAAAAE"]
[Thu Jul 10 08:35:50.037659 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aG9fRm2HUGa5P2sipOw4ogAAAAE"]
[Thu Jul 10 08:35:50.037887 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aG9fRm2HUGa5P2sipOw4ogAAAAE"]
[Thu Jul 10 08:35:50.038070 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aG9fRm2HUGa5P2sipOw4ogAAAAE"]
[Thu Jul 10 08:35:50.083276 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/plugin-qiankun/examples/app1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/plugin-qiankun/examples/app1/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pAAAAAE"]
[Thu Jul 10 08:35:50.083503 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/plugin-qiankun/examples/app1/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pAAAAAE"]
[Thu Jul 10 08:35:50.083670 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/plugin-qiankun/examples/app1/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pAAAAAE"]
[Thu Jul 10 08:35:50.105992 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aG9fRm2HUGa5P2sipOw4pQAAAAE"]
[Thu Jul 10 08:35:50.106223 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aG9fRm2HUGa5P2sipOw4pQAAAAE"]
[Thu Jul 10 08:35:50.106424 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aG9fRm2HUGa5P2sipOw4pQAAAAE"]
[Thu Jul 10 08:35:50.151307 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pwAAAAE"]
[Thu Jul 10 08:35:50.151545 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pwAAAAE"]
[Thu Jul 10 08:35:50.151726 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4pwAAAAE"]
[Thu Jul 10 08:35:50.304529 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aG9fRm2HUGa5P2sipOw4rAAAAAE"]
[Thu Jul 10 08:35:50.304782 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aG9fRm2HUGa5P2sipOw4rAAAAAE"]
[Thu Jul 10 08:35:50.304987 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aG9fRm2HUGa5P2sipOw4rAAAAAE"]
[Thu Jul 10 08:35:50.350096 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /agora/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4rgAAAAE"]
[Thu Jul 10 08:35:50.350379 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4rgAAAAE"]
[Thu Jul 10 08:35:50.350595 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4rgAAAAE"]
[Thu Jul 10 08:35:50.395720 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /download/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sAAAAAE"]
[Thu Jul 10 08:35:50.395968 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sAAAAAE"]
[Thu Jul 10 08:35:50.396157 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sAAAAAE"]
[Thu Jul 10 08:35:50.418171 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /results/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sQAAAAE"]
[Thu Jul 10 08:35:50.418464 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sQAAAAE"]
[Thu Jul 10 08:35:50.418664 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4sQAAAAE"]
[Thu Jul 10 08:35:50.532782 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak1"] [unique_id "aG9fRm2HUGa5P2sipOw4tgAAAAE"]
[Thu Jul 10 08:35:50.533023 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak1"] [unique_id "aG9fRm2HUGa5P2sipOw4tgAAAAE"]
[Thu Jul 10 08:35:50.533240 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak1"] [unique_id "aG9fRm2HUGa5P2sipOw4tgAAAAE"]
[Thu Jul 10 08:35:50.579140 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uAAAAAE"]
[Thu Jul 10 08:35:50.579381 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uAAAAAE"]
[Thu Jul 10 08:35:50.579558 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uAAAAAE"]
[Thu Jul 10 08:35:50.603498 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/github.com/subosito/gotenv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uQAAAAE"]
[Thu Jul 10 08:35:50.603746 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uQAAAAE"]
[Thu Jul 10 08:35:50.603924 2025] [:error] [pid 1065738] [client 185.177.72.106:23868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aG9fRm2HUGa5P2sipOw4uQAAAAE"]
[Thu Jul 10 08:35:54.700528 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aG9fSrwmNPsrpCjDVcoW-wAAAAU"]
[Thu Jul 10 08:35:54.700777 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aG9fSrwmNPsrpCjDVcoW-wAAAAU"]
[Thu Jul 10 08:35:54.700974 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aG9fSrwmNPsrpCjDVcoW-wAAAAU"]
[Thu Jul 10 08:35:54.993565 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old.old"] [unique_id "aG9fSrwmNPsrpCjDVcoW_QAAAAU"]
[Thu Jul 10 08:35:54.993771 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old.old"] [unique_id "aG9fSrwmNPsrpCjDVcoW_QAAAAU"]
[Thu Jul 10 08:35:54.994018 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old.old"] [unique_id "aG9fSrwmNPsrpCjDVcoW_QAAAAU"]
[Thu Jul 10 08:35:54.994234 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old.old"] [unique_id "aG9fSrwmNPsrpCjDVcoW_QAAAAU"]
[Thu Jul 10 08:35:55.063205 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_gAAAAU"]
[Thu Jul 10 08:35:55.063455 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_gAAAAU"]
[Thu Jul 10 08:35:55.063674 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_gAAAAU"]
[Thu Jul 10 08:35:55.108218 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_wAAAAU"]
[Thu Jul 10 08:35:55.108599 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_wAAAAU"]
[Thu Jul 10 08:35:55.108877 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoW_wAAAAU"]
[Thu Jul 10 08:35:55.149485 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/did-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAAAAAAU"]
[Thu Jul 10 08:35:55.149743 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAAAAAAU"]
[Thu Jul 10 08:35:55.149955 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAAAAAAU"]
[Thu Jul 10 08:35:55.177394 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAQAAAAU"]
[Thu Jul 10 08:35:55.177696 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAQAAAAU"]
[Thu Jul 10 08:35:55.177931 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXAQAAAAU"]
[Thu Jul 10 08:35:55.221304 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aG9fS7wmNPsrpCjDVcoXAgAAAAU"]
[Thu Jul 10 08:35:55.221548 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aG9fS7wmNPsrpCjDVcoXAgAAAAU"]
[Thu Jul 10 08:35:55.221743 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aG9fS7wmNPsrpCjDVcoXAgAAAAU"]
[Thu Jul 10 08:35:55.426959 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aG9fS7wmNPsrpCjDVcoXBQAAAAU"]
[Thu Jul 10 08:35:55.427204 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aG9fS7wmNPsrpCjDVcoXBQAAAAU"]
[Thu Jul 10 08:35:55.427424 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aG9fS7wmNPsrpCjDVcoXBQAAAAU"]
[Thu Jul 10 08:35:55.481090 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXBwAAAAU"]
[Thu Jul 10 08:35:55.481335 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXBwAAAAU"]
[Thu Jul 10 08:35:55.481527 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXBwAAAAU"]
[Thu Jul 10 08:35:55.531152 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/tags/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aG9fS7wmNPsrpCjDVcoXCQAAAAU"]
[Thu Jul 10 08:35:55.531410 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aG9fS7wmNPsrpCjDVcoXCQAAAAU"]
[Thu Jul 10 08:35:55.531608 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aG9fS7wmNPsrpCjDVcoXCQAAAAU"]
[Thu Jul 10 08:35:55.555384 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".csproj"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.csproj"] [unique_id "aG9fS7wmNPsrpCjDVcoXCgAAAAU"]
[Thu Jul 10 08:35:55.555547 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.csproj"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.csproj"] [unique_id "aG9fS7wmNPsrpCjDVcoXCgAAAAU"]
[Thu Jul 10 08:35:55.555787 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.csproj"] [unique_id "aG9fS7wmNPsrpCjDVcoXCgAAAAU"]
[Thu Jul 10 08:35:55.556006 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.csproj"] [unique_id "aG9fS7wmNPsrpCjDVcoXCgAAAAU"]
[Thu Jul 10 08:35:55.638547 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDAAAAAU"]
[Thu Jul 10 08:35:55.638787 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDAAAAAU"]
[Thu Jul 10 08:35:55.638972 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDAAAAAU"]
[Thu Jul 10 08:35:55.679055 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDQAAAAU"]
[Thu Jul 10 08:35:55.679447 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDQAAAAU"]
[Thu Jul 10 08:35:55.679671 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDQAAAAU"]
[Thu Jul 10 08:35:55.722527 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.config/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDgAAAAU"]
[Thu Jul 10 08:35:55.722770 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.config/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDgAAAAU"]
[Thu Jul 10 08:35:55.722981 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.config/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDgAAAAU"]
[Thu Jul 10 08:35:55.772753 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/fixtures/app_types/node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDwAAAAU"]
[Thu Jul 10 08:35:55.773007 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDwAAAAU"]
[Thu Jul 10 08:35:55.773246 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXDwAAAAU"]
[Thu Jul 10 08:35:55.823518 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXEQAAAAU"]
[Thu Jul 10 08:35:55.823767 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXEQAAAAU"]
[Thu Jul 10 08:35:55.823961 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aG9fS7wmNPsrpCjDVcoXEQAAAAU"]
[Thu Jul 10 08:35:55.846539 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aG9fS7wmNPsrpCjDVcoXEgAAAAU"]
[Thu Jul 10 08:35:55.846792 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aG9fS7wmNPsrpCjDVcoXEgAAAAU"]
[Thu Jul 10 08:35:55.846986 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aG9fS7wmNPsrpCjDVcoXEgAAAAU"]
[Thu Jul 10 08:35:56.031460 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aG9fTLwmNPsrpCjDVcoXFAAAAAU"]
[Thu Jul 10 08:35:56.031712 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aG9fTLwmNPsrpCjDVcoXFAAAAAU"]
[Thu Jul 10 08:35:56.031910 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aG9fTLwmNPsrpCjDVcoXFAAAAAU"]
[Thu Jul 10 08:35:56.066877 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/redis-*.conf"] [unique_id "aG9fTLwmNPsrpCjDVcoXFQAAAAU"]
[Thu Jul 10 08:35:56.067234 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/redis-*.conf"] [unique_id "aG9fTLwmNPsrpCjDVcoXFQAAAAU"]
[Thu Jul 10 08:35:56.067511 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/redis-*.conf"] [unique_id "aG9fTLwmNPsrpCjDVcoXFQAAAAU"]
[Thu Jul 10 08:35:56.115414 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /legal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXFgAAAAU"]
[Thu Jul 10 08:35:56.115671 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXFgAAAAU"]
[Thu Jul 10 08:35:56.115885 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXFgAAAAU"]
[Thu Jul 10 08:35:56.197317 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aG9fTLwmNPsrpCjDVcoXFwAAAAU"]
[Thu Jul 10 08:35:56.197592 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aG9fTLwmNPsrpCjDVcoXFwAAAAU"]
[Thu Jul 10 08:35:56.197852 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aG9fTLwmNPsrpCjDVcoXFwAAAAU"]
[Thu Jul 10 08:35:56.393630 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGAAAAAU"]
[Thu Jul 10 08:35:56.393880 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGAAAAAU"]
[Thu Jul 10 08:35:56.394093 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGAAAAAU"]
[Thu Jul 10 08:35:56.417776 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGQAAAAU"]
[Thu Jul 10 08:35:56.418144 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGQAAAAU"]
[Thu Jul 10 08:35:56.418471 2025] [:error] [pid 1065781] [client 185.177.72.106:29868] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aG9fTLwmNPsrpCjDVcoXGQAAAAU"]
[Thu Jul 10 08:36:05.109774 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /clientapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw0gAAAAc"]
[Thu Jul 10 08:36:05.110024 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw0gAAAAc"]
[Thu Jul 10 08:36:05.110204 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw0gAAAAc"]
[Thu Jul 10 08:36:05.401317 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pictures/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw1AAAAAc"]
[Thu Jul 10 08:36:05.401565 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw1AAAAAc"]
[Thu Jul 10 08:36:05.401768 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aG9fVXX5p5YcoWIUq-xw1AAAAAc"]
[Thu Jul 10 08:36:10.125025 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG9fWnX5p5YcoWIUq-xw2AAAAAc"]
[Thu Jul 10 08:36:10.125292 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG9fWnX5p5YcoWIUq-xw2AAAAAc"]
[Thu Jul 10 08:36:10.125493 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG9fWnX5p5YcoWIUq-xw2AAAAAc"]
[Thu Jul 10 08:36:10.342976 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /downloads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw2wAAAAc"]
[Thu Jul 10 08:36:10.343231 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw2wAAAAc"]
[Thu Jul 10 08:36:10.343439 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw2wAAAAc"]
[Thu Jul 10 08:36:10.473991 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /template/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3AAAAAc"]
[Thu Jul 10 08:36:10.474245 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3AAAAAc"]
[Thu Jul 10 08:36:10.474470 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3AAAAAc"]
[Thu Jul 10 08:36:10.568254 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aG9fWnX5p5YcoWIUq-xw3QAAAAc"]
[Thu Jul 10 08:36:10.568503 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aG9fWnX5p5YcoWIUq-xw3QAAAAc"]
[Thu Jul 10 08:36:10.568721 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/marketing/.env.production"] [unique_id "aG9fWnX5p5YcoWIUq-xw3QAAAAc"]
[Thu Jul 10 08:36:10.759518 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3wAAAAc"]
[Thu Jul 10 08:36:10.759771 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3wAAAAc"]
[Thu Jul 10 08:36:10.759977 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/develop/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw3wAAAAc"]
[Thu Jul 10 08:36:10.858682 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/integration/env-config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw4AAAAAc"]
[Thu Jul 10 08:36:10.858932 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw4AAAAAc"]
[Thu Jul 10 08:36:10.859160 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aG9fWnX5p5YcoWIUq-xw4AAAAAc"]
[Thu Jul 10 08:36:11.005316 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /oldsanta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4QAAAAc"]
[Thu Jul 10 08:36:11.005699 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4QAAAAc"]
[Thu Jul 10 08:36:11.005994 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4QAAAAc"]
[Thu Jul 10 08:36:11.181318 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aG9fW3X5p5YcoWIUq-xw4gAAAAc"]
[Thu Jul 10 08:36:11.181565 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aG9fW3X5p5YcoWIUq-xw4gAAAAc"]
[Thu Jul 10 08:36:11.181780 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aG9fW3X5p5YcoWIUq-xw4gAAAAc"]
[Thu Jul 10 08:36:11.426709 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4wAAAAc"]
[Thu Jul 10 08:36:11.426948 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4wAAAAc"]
[Thu Jul 10 08:36:11.427168 2025] [:error] [pid 1070356] [client 185.177.72.106:21552] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aG9fW3X5p5YcoWIUq-xw4wAAAAc"]
[Thu Jul 10 18:17:59.747518 2025] [:error] [pid 1065737] [client 198.55.98.93:56390] [client 198.55.98.93] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG_nt6LicSuvMVdabbq17wAAAAA"]
[Thu Jul 10 18:17:59.747793 2025] [:error] [pid 1065737] [client 198.55.98.93:56390] [client 198.55.98.93] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG_nt6LicSuvMVdabbq17wAAAAA"]
[Thu Jul 10 18:17:59.747993 2025] [:error] [pid 1065737] [client 198.55.98.93:56390] [client 198.55.98.93] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aG_nt6LicSuvMVdabbq17wAAAAA"]
[Sat Jul 12 04:01:32.920337 2025] [:error] [pid 1115432] [client 185.196.9.254:34814] [client 185.196.9.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHHB_NkwnzHrCLmrjza7zQAAAAE"]
[Sat Jul 12 04:01:32.920562 2025] [:error] [pid 1115432] [client 185.196.9.254:34814] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHHB_NkwnzHrCLmrjza7zQAAAAE"]
[Sat Jul 12 04:01:32.920763 2025] [:error] [pid 1115432] [client 185.196.9.254:34814] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHHB_NkwnzHrCLmrjza7zQAAAAE"]
[Sat Jul 12 04:01:33.028129 2025] [:error] [pid 1115466] [client 185.196.9.254:34816] [client 185.196.9.254] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHHB_eW36A4SXctFIYd97gAAAAU"]
[Sat Jul 12 04:01:33.028348 2025] [:error] [pid 1115466] [client 185.196.9.254:34816] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHHB_eW36A4SXctFIYd97gAAAAU"]
[Sat Jul 12 04:01:33.028506 2025] [:error] [pid 1115466] [client 185.196.9.254:34816] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHHB_eW36A4SXctFIYd97gAAAAU"]
[Sat Jul 12 10:44:19.460352 2025] [:error] [pid 1115431] [client 185.196.9.254:50020] [client 185.196.9.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHIgY59SYBLWSo6Y5_UV2AAAAAA"]
[Sat Jul 12 10:44:19.460586 2025] [:error] [pid 1115431] [client 185.196.9.254:50020] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHIgY59SYBLWSo6Y5_UV2AAAAAA"]
[Sat Jul 12 10:44:19.460758 2025] [:error] [pid 1115431] [client 185.196.9.254:50020] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHIgY59SYBLWSo6Y5_UV2AAAAAA"]
[Sat Jul 12 10:44:19.957139 2025] [:error] [pid 1115434] [client 185.196.9.254:50030] [client 185.196.9.254] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHIgY7d0EagJv6KXBMLiXAAAAAM"]
[Sat Jul 12 10:44:19.957348 2025] [:error] [pid 1115434] [client 185.196.9.254:50030] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHIgY7d0EagJv6KXBMLiXAAAAAM"]
[Sat Jul 12 10:44:19.957546 2025] [:error] [pid 1115434] [client 185.196.9.254:50030] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHIgY7d0EagJv6KXBMLiXAAAAAM"]
[Sat Jul 12 12:21:57.347946 2025] [:error] [pid 1115466] [client 185.196.9.254:47218] [client 185.196.9.254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHI3ReW36A4SXctFIYd-IQAAAAU"]
[Sat Jul 12 12:21:57.348163 2025] [:error] [pid 1115466] [client 185.196.9.254:47218] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHI3ReW36A4SXctFIYd-IQAAAAU"]
[Sat Jul 12 12:21:57.348334 2025] [:error] [pid 1115466] [client 185.196.9.254:47218] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHI3ReW36A4SXctFIYd-IQAAAAU"]
[Sat Jul 12 12:21:57.471719 2025] [:error] [pid 1115433] [client 185.196.9.254:47222] [client 185.196.9.254] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHI3RV5MDznUpDOCnZfZdAAAAAI"]
[Sat Jul 12 12:21:57.471931 2025] [:error] [pid 1115433] [client 185.196.9.254:47222] [client 185.196.9.254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHI3RV5MDznUpDOCnZfZdAAAAAI"]
[Sat Jul 12 12:21:57.472110 2025] [:error] [pid 1115433] [client 185.196.9.254:47222] [client 185.196.9.254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHI3RV5MDznUpDOCnZfZdAAAAAI"]
[Sat Jul 12 13:53:19.081412 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAfwAAAAk"]
[Sat Jul 12 13:53:19.081685 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAfwAAAAk"]
[Sat Jul 12 13:53:19.081880 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAfwAAAAk"]
[Sat Jul 12 13:53:19.231022 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhAAAAAk"]
[Sat Jul 12 13:53:19.231273 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhAAAAAk"]
[Sat Jul 12 13:53:19.231463 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhAAAAAk"]
[Sat Jul 12 13:53:19.260365 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhQAAAAk"]
[Sat Jul 12 13:53:19.260609 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhQAAAAk"]
[Sat Jul 12 13:53:19.260794 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAhQAAAAk"]
[Sat Jul 12 13:53:19.289552 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aHJMryPJPBKDl1q3ZLVAhgAAAAk"]
[Sat Jul 12 13:53:19.289949 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aHJMryPJPBKDl1q3ZLVAhgAAAAk"]
[Sat Jul 12 13:53:19.290152 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aHJMryPJPBKDl1q3ZLVAhgAAAAk"]
[Sat Jul 12 13:53:19.348840 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAiAAAAAk"]
[Sat Jul 12 13:53:19.349069 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAiAAAAAk"]
[Sat Jul 12 13:53:19.349244 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAiAAAAAk"]
[Sat Jul 12 13:53:19.377856 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aHJMryPJPBKDl1q3ZLVAiQAAAAk"]
[Sat Jul 12 13:53:19.378018 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aHJMryPJPBKDl1q3ZLVAiQAAAAk"]
[Sat Jul 12 13:53:19.378261 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aHJMryPJPBKDl1q3ZLVAiQAAAAk"]
[Sat Jul 12 13:53:19.378514 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aHJMryPJPBKDl1q3ZLVAiQAAAAk"]
[Sat Jul 12 13:53:19.527741 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHJMryPJPBKDl1q3ZLVAiwAAAAk"]
[Sat Jul 12 13:53:19.527986 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHJMryPJPBKDl1q3ZLVAiwAAAAk"]
[Sat Jul 12 13:53:19.528176 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHJMryPJPBKDl1q3ZLVAiwAAAAk"]
[Sat Jul 12 13:53:19.588884 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjQAAAAk"]
[Sat Jul 12 13:53:19.589137 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjQAAAAk"]
[Sat Jul 12 13:53:19.589320 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjQAAAAk"]
[Sat Jul 12 13:53:19.647953 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjwAAAAk"]
[Sat Jul 12 13:53:19.648223 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjwAAAAk"]
[Sat Jul 12 13:53:19.648422 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAjwAAAAk"]
[Sat Jul 12 13:53:19.677469 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkAAAAAk"]
[Sat Jul 12 13:53:19.677709 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkAAAAAk"]
[Sat Jul 12 13:53:19.677891 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkAAAAAk"]
[Sat Jul 12 13:53:19.736057 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravael/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkgAAAAk"]
[Sat Jul 12 13:53:19.736285 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkgAAAAk"]
[Sat Jul 12 13:53:19.736455 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAkgAAAAk"]
[Sat Jul 12 13:53:19.795677 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHJMryPJPBKDl1q3ZLVAlAAAAAk"]
[Sat Jul 12 13:53:19.796034 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHJMryPJPBKDl1q3ZLVAlAAAAAk"]
[Sat Jul 12 13:53:19.796279 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHJMryPJPBKDl1q3ZLVAlAAAAAk"]
[Sat Jul 12 13:53:19.825179 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAlQAAAAk"]
[Sat Jul 12 13:53:19.825508 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAlQAAAAk"]
[Sat Jul 12 13:53:19.825732 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAlQAAAAk"]
[Sat Jul 12 13:53:19.883636 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aHJMryPJPBKDl1q3ZLVAlwAAAAk"]
[Sat Jul 12 13:53:19.883848 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aHJMryPJPBKDl1q3ZLVAlwAAAAk"]
[Sat Jul 12 13:53:19.884003 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aHJMryPJPBKDl1q3ZLVAlwAAAAk"]
[Sat Jul 12 13:53:19.972073 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awsstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAmgAAAAk"]
[Sat Jul 12 13:53:19.972324 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAmgAAAAk"]
[Sat Jul 12 13:53:19.972519 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aHJMryPJPBKDl1q3ZLVAmgAAAAk"]
[Sat Jul 12 13:53:20.001080 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aHJMsCPJPBKDl1q3ZLVAmwAAAAk"]
[Sat Jul 12 13:53:20.001234 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aHJMsCPJPBKDl1q3ZLVAmwAAAAk"]
[Sat Jul 12 13:53:20.001456 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aHJMsCPJPBKDl1q3ZLVAmwAAAAk"]
[Sat Jul 12 13:53:20.001623 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aHJMsCPJPBKDl1q3ZLVAmwAAAAk"]
[Sat Jul 12 13:53:20.030326 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnAAAAAk"]
[Sat Jul 12 13:53:20.030589 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnAAAAAk"]
[Sat Jul 12 13:53:20.030753 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnAAAAAk"]
[Sat Jul 12 13:53:20.119812 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnwAAAAk"]
[Sat Jul 12 13:53:20.120084 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnwAAAAk"]
[Sat Jul 12 13:53:20.120282 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAnwAAAAk"]
[Sat Jul 12 13:53:20.185303 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aHJMsCPJPBKDl1q3ZLVAoQAAAAk"]
[Sat Jul 12 13:53:20.185634 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aHJMsCPJPBKDl1q3ZLVAoQAAAAk"]
[Sat Jul 12 13:53:20.185818 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aHJMsCPJPBKDl1q3ZLVAoQAAAAk"]
[Sat Jul 12 13:53:20.214795 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAogAAAAk"]
[Sat Jul 12 13:53:20.215030 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAogAAAAk"]
[Sat Jul 12 13:53:20.215222 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aHJMsCPJPBKDl1q3ZLVAogAAAAk"]
[Sat Jul 12 13:53:20.273933 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHJMsCPJPBKDl1q3ZLVApAAAAAk"]
[Sat Jul 12 13:53:20.274174 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHJMsCPJPBKDl1q3ZLVApAAAAAk"]
[Sat Jul 12 13:53:20.274386 2025] [:error] [pid 1123160] [client 185.177.72.104:59808] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHJMsCPJPBKDl1q3ZLVApAAAAAk"]
[Sat Jul 12 18:54:30.488891 2025] [:error] [pid 1128199] [client 198.55.98.210:49284] [client 198.55.98.210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKTRu0XANTvLAbMebLErwAAAAs"]
[Sat Jul 12 18:54:30.489157 2025] [:error] [pid 1128199] [client 198.55.98.210:49284] [client 198.55.98.210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKTRu0XANTvLAbMebLErwAAAAs"]
[Sat Jul 12 18:54:30.489332 2025] [:error] [pid 1128199] [client 198.55.98.210:49284] [client 198.55.98.210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKTRu0XANTvLAbMebLErwAAAAs"]
[Sat Jul 12 19:21:19.143173 2025] [:error] [pid 1115431] [client 185.177.72.104:6146] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKZj59SYBLWSo6Y5_UXKAAAAAA"]
[Sat Jul 12 19:21:19.143467 2025] [:error] [pid 1115431] [client 185.177.72.104:6146] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKZj59SYBLWSo6Y5_UXKAAAAAA"]
[Sat Jul 12 19:21:19.143629 2025] [:error] [pid 1115431] [client 185.177.72.104:6146] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKZj59SYBLWSo6Y5_UXKAAAAAA"]
[Sat Jul 12 20:58:00.975943 2025] [:error] [pid 1129836] [client 98.81.231.236:46700] [client 98.81.231.236] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKwOP9lR_enhE5GqkcxcQAAAAk"]
[Sat Jul 12 20:58:00.976209 2025] [:error] [pid 1129836] [client 98.81.231.236:46700] [client 98.81.231.236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKwOP9lR_enhE5GqkcxcQAAAAk"]
[Sat Jul 12 20:58:00.976371 2025] [:error] [pid 1129836] [client 98.81.231.236:46700] [client 98.81.231.236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHKwOP9lR_enhE5GqkcxcQAAAAk"]
[Sun Jul 13 02:30:58.933710 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHL-Qox5PAiXmQHEeKZSEQAAAAE"]
[Sun Jul 13 02:30:58.934759 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHL-Qox5PAiXmQHEeKZSEQAAAAE"]
[Sun Jul 13 02:30:58.934974 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aHL-Qox5PAiXmQHEeKZSEQAAAAE"]
[Sun Jul 13 02:30:59.067038 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHL-Q4x5PAiXmQHEeKZSEgAAAAE"]
[Sun Jul 13 02:30:59.067420 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHL-Q4x5PAiXmQHEeKZSEgAAAAE"]
[Sun Jul 13 02:30:59.067682 2025] [:error] [pid 1137552] [client 185.177.72.202:59738] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aHL-Q4x5PAiXmQHEeKZSEgAAAAE"]
[Mon Jul 14 16:02:03.382998 2025] [:error] [pid 1166505] [client 18.224.192.118:40883] [client 18.224.192.118] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHUN23rG2yIk-R27EN3V7QAAAAE"]
[Mon Jul 14 16:02:03.386611 2025] [:error] [pid 1166505] [client 18.224.192.118:40883] [client 18.224.192.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHUN23rG2yIk-R27EN3V7QAAAAE"]
[Mon Jul 14 16:02:03.386837 2025] [:error] [pid 1166505] [client 18.224.192.118:40883] [client 18.224.192.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHUN23rG2yIk-R27EN3V7QAAAAE"]
[Mon Jul 14 16:38:52.777115 2025] [:error] [pid 1166511] [client 93.123.109.7:58256] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHUWfLHrhfLAq83nYEFwbwAAAAM"]
[Mon Jul 14 16:38:52.777467 2025] [:error] [pid 1166511] [client 93.123.109.7:58256] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHUWfLHrhfLAq83nYEFwbwAAAAM"]
[Mon Jul 14 16:38:52.777732 2025] [:error] [pid 1166511] [client 93.123.109.7:58256] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHUWfLHrhfLAq83nYEFwbwAAAAM"]
[Thu Jul 17 22:06:02.785660 2025] [:error] [pid 1251811] [client 185.177.72.104:18670] [client 185.177.72.104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHlXqh9uh_toT3_3D6_r3AAAAA0"]
[Thu Jul 17 22:06:02.787362 2025] [:error] [pid 1251811] [client 185.177.72.104:18670] [client 185.177.72.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHlXqh9uh_toT3_3D6_r3AAAAA0"]
[Thu Jul 17 22:06:02.787565 2025] [:error] [pid 1251811] [client 185.177.72.104:18670] [client 185.177.72.104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aHlXqh9uh_toT3_3D6_r3AAAAA0"]
[Sat Jul 19 09:44:07.932256 2025] [:error] [pid 1291456] [client 3.146.111.124:45104] [client 3.146.111.124] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHtMx39HRTr3KxPrbnNo_QAAAAQ"]
[Sat Jul 19 09:44:07.933416 2025] [:error] [pid 1291456] [client 3.146.111.124:45104] [client 3.146.111.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHtMx39HRTr3KxPrbnNo_QAAAAQ"]
[Sat Jul 19 09:44:07.933628 2025] [:error] [pid 1291456] [client 3.146.111.124:45104] [client 3.146.111.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aHtMx39HRTr3KxPrbnNo_QAAAAQ"]
[Sun Jul 20 17:01:34.618800 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURAAAAA0"]
[Sun Jul 20 17:01:34.620056 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURAAAAA0"]
[Sun Jul 20 17:01:34.620234 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURAAAAA0"]
[Sun Jul 20 17:01:34.661439 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURgAAAA0"]
[Sun Jul 20 17:01:34.661751 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURgAAAA0"]
[Sun Jul 20 17:01:34.661993 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURgAAAA0"]
[Sun Jul 20 17:01:34.687967 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURwAAAA0"]
[Sun Jul 20 17:01:34.688251 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURwAAAA0"]
[Sun Jul 20 17:01:34.688461 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aH0EzoxoTuBEoACPPcEURwAAAA0"]
[Sun Jul 20 17:01:34.709789 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUSAAAAA0"]
[Sun Jul 20 17:01:34.710051 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUSAAAAA0"]
[Sun Jul 20 17:01:34.710276 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUSAAAAA0"]
[Sun Jul 20 17:01:34.730438 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aH0EzoxoTuBEoACPPcEUSQAAAA0"]
[Sun Jul 20 17:01:34.730691 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aH0EzoxoTuBEoACPPcEUSQAAAA0"]
[Sun Jul 20 17:01:34.730879 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aH0EzoxoTuBEoACPPcEUSQAAAA0"]
[Sun Jul 20 17:01:34.751155 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aH0EzoxoTuBEoACPPcEUSgAAAA0"]
[Sun Jul 20 17:01:34.751433 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aH0EzoxoTuBEoACPPcEUSgAAAA0"]
[Sun Jul 20 17:01:34.751652 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aH0EzoxoTuBEoACPPcEUSgAAAA0"]
[Sun Jul 20 17:01:34.771863 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aH0EzoxoTuBEoACPPcEUSwAAAA0"]
[Sun Jul 20 17:01:34.772069 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aH0EzoxoTuBEoACPPcEUSwAAAA0"]
[Sun Jul 20 17:01:34.772386 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aH0EzoxoTuBEoACPPcEUSwAAAA0"]
[Sun Jul 20 17:01:34.772586 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aH0EzoxoTuBEoACPPcEUSwAAAA0"]
[Sun Jul 20 17:01:34.792606 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aH0EzoxoTuBEoACPPcEUTAAAAA0"]
[Sun Jul 20 17:01:34.792763 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aH0EzoxoTuBEoACPPcEUTAAAAA0"]
[Sun Jul 20 17:01:34.793006 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aH0EzoxoTuBEoACPPcEUTAAAAA0"]
[Sun Jul 20 17:01:34.793184 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aH0EzoxoTuBEoACPPcEUTAAAAA0"]
[Sun Jul 20 17:01:34.813393 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aH0EzoxoTuBEoACPPcEUTQAAAA0"]
[Sun Jul 20 17:01:34.813657 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aH0EzoxoTuBEoACPPcEUTQAAAA0"]
[Sun Jul 20 17:01:34.813836 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aH0EzoxoTuBEoACPPcEUTQAAAA0"]
[Sun Jul 20 17:01:34.834124 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH0EzoxoTuBEoACPPcEUTgAAAA0"]
[Sun Jul 20 17:01:34.834386 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH0EzoxoTuBEoACPPcEUTgAAAA0"]
[Sun Jul 20 17:01:34.834564 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aH0EzoxoTuBEoACPPcEUTgAAAA0"]
[Sun Jul 20 17:01:34.854818 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aH0EzoxoTuBEoACPPcEUTwAAAA0"]
[Sun Jul 20 17:01:34.855060 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aH0EzoxoTuBEoACPPcEUTwAAAA0"]
[Sun Jul 20 17:01:34.855239 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aH0EzoxoTuBEoACPPcEUTwAAAA0"]
[Sun Jul 20 17:01:34.875443 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUAAAAA0"]
[Sun Jul 20 17:01:34.875711 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUAAAAA0"]
[Sun Jul 20 17:01:34.875899 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUAAAAA0"]
[Sun Jul 20 17:01:34.896121 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUQAAAA0"]
[Sun Jul 20 17:01:34.896367 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUQAAAA0"]
[Sun Jul 20 17:01:34.896563 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUQAAAA0"]
[Sun Jul 20 17:01:34.916794 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUgAAAA0"]
[Sun Jul 20 17:01:34.917052 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUgAAAA0"]
[Sun Jul 20 17:01:34.917234 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUgAAAA0"]
[Sun Jul 20 17:01:34.937384 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUwAAAA0"]
[Sun Jul 20 17:01:34.937613 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUwAAAA0"]
[Sun Jul 20 17:01:34.937781 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aH0EzoxoTuBEoACPPcEUUwAAAA0"]
[Sun Jul 20 17:01:34.979285 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVQAAAA0"]
[Sun Jul 20 17:01:34.979543 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVQAAAA0"]
[Sun Jul 20 17:01:34.979726 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVQAAAA0"]
[Sun Jul 20 17:01:34.999859 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVgAAAA0"]
[Sun Jul 20 17:01:35.000099 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVgAAAA0"]
[Sun Jul 20 17:01:35.000289 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aH0EzoxoTuBEoACPPcEUVgAAAA0"]
[Sun Jul 20 17:01:35.062477 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH0Ez4xoTuBEoACPPcEUWQAAAA0"]
[Sun Jul 20 17:01:35.062804 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH0Ez4xoTuBEoACPPcEUWQAAAA0"]
[Sun Jul 20 17:01:35.062987 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aH0Ez4xoTuBEoACPPcEUWQAAAA0"]
[Sun Jul 20 17:01:35.083321 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aH0Ez4xoTuBEoACPPcEUWgAAAA0"]
[Sun Jul 20 17:01:35.083574 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aH0Ez4xoTuBEoACPPcEUWgAAAA0"]
[Sun Jul 20 17:01:35.083756 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aH0Ez4xoTuBEoACPPcEUWgAAAA0"]
[Sun Jul 20 17:01:35.104243 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUWwAAAA0"]
[Sun Jul 20 17:01:35.104423 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUWwAAAA0"]
[Sun Jul 20 17:01:35.104645 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUWwAAAA0"]
[Sun Jul 20 17:01:35.104835 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUWwAAAA0"]
[Sun Jul 20 17:01:35.125130 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aH0Ez4xoTuBEoACPPcEUXAAAAA0"]
[Sun Jul 20 17:01:35.125404 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aH0Ez4xoTuBEoACPPcEUXAAAAA0"]
[Sun Jul 20 17:01:35.125579 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aH0Ez4xoTuBEoACPPcEUXAAAAA0"]
[Sun Jul 20 17:01:35.145882 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aH0Ez4xoTuBEoACPPcEUXQAAAA0"]
[Sun Jul 20 17:01:35.146126 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aH0Ez4xoTuBEoACPPcEUXQAAAA0"]
[Sun Jul 20 17:01:35.146304 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aH0Ez4xoTuBEoACPPcEUXQAAAA0"]
[Sun Jul 20 17:01:35.166605 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUXgAAAA0"]
[Sun Jul 20 17:01:35.166850 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUXgAAAA0"]
[Sun Jul 20 17:01:35.167041 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUXgAAAA0"]
[Sun Jul 20 17:01:35.208200 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYAAAAA0"]
[Sun Jul 20 17:01:35.208540 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYAAAAA0"]
[Sun Jul 20 17:01:35.208713 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYAAAAA0"]
[Sun Jul 20 17:01:35.228808 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUYQAAAA0"]
[Sun Jul 20 17:01:35.229148 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUYQAAAA0"]
[Sun Jul 20 17:01:35.229314 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUYQAAAA0"]
[Sun Jul 20 17:01:35.270215 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYwAAAA0"]
[Sun Jul 20 17:01:35.270555 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYwAAAA0"]
[Sun Jul 20 17:01:35.270723 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUYwAAAA0"]
[Sun Jul 20 17:01:35.290846 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUZAAAAA0"]
[Sun Jul 20 17:01:35.291166 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUZAAAAA0"]
[Sun Jul 20 17:01:35.291327 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aH0Ez4xoTuBEoACPPcEUZAAAAA0"]
[Sun Jul 20 17:01:35.311515 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aH0Ez4xoTuBEoACPPcEUZQAAAA0"]
[Sun Jul 20 17:01:35.311718 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aH0Ez4xoTuBEoACPPcEUZQAAAA0"]
[Sun Jul 20 17:01:35.311882 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aH0Ez4xoTuBEoACPPcEUZQAAAA0"]
[Sun Jul 20 17:01:35.331814 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZgAAAA0"]
[Sun Jul 20 17:01:35.332180 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZgAAAA0"]
[Sun Jul 20 17:01:35.332365 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZgAAAA0"]
[Sun Jul 20 17:01:35.355657 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZwAAAA0"]
[Sun Jul 20 17:01:35.356147 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZwAAAA0"]
[Sun Jul 20 17:01:35.356420 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUZwAAAA0"]
[Sun Jul 20 17:01:35.378260 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaAAAAA0"]
[Sun Jul 20 17:01:35.378712 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaAAAAA0"]
[Sun Jul 20 17:01:35.378907 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaAAAAA0"]
[Sun Jul 20 17:01:35.398985 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaQAAAA0"]
[Sun Jul 20 17:01:35.399323 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaQAAAA0"]
[Sun Jul 20 17:01:35.399499 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUaQAAAA0"]
[Sun Jul 20 17:01:35.419739 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUagAAAA0"]
[Sun Jul 20 17:01:35.420068 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUagAAAA0"]
[Sun Jul 20 17:01:35.420233 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aH0Ez4xoTuBEoACPPcEUagAAAA0"]
[Sun Jul 20 17:01:35.440140 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUawAAAA0"]
[Sun Jul 20 17:01:35.440469 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUawAAAA0"]
[Sun Jul 20 17:01:35.440634 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aH0Ez4xoTuBEoACPPcEUawAAAA0"]
[Sun Jul 20 17:01:35.605067 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH0Ez4xoTuBEoACPPcEUbgAAAA0"]
[Sun Jul 20 17:01:35.605304 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH0Ez4xoTuBEoACPPcEUbgAAAA0"]
[Sun Jul 20 17:01:35.605470 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH0Ez4xoTuBEoACPPcEUbgAAAA0"]
[Sun Jul 20 17:01:35.625448 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUbwAAAA0"]
[Sun Jul 20 17:01:35.625797 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUbwAAAA0"]
[Sun Jul 20 17:01:35.625971 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUbwAAAA0"]
[Sun Jul 20 17:01:35.646030 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUcAAAAA0"]
[Sun Jul 20 17:01:35.646193 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/npm-debug.log" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /npm-debug.log found within REQUEST_FILENAME: /npm-debug.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUcAAAAA0"]
[Sun Jul 20 17:01:35.646442 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUcAAAAA0"]
[Sun Jul 20 17:01:35.646617 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aH0Ez4xoTuBEoACPPcEUcAAAAA0"]
[Sun Jul 20 17:01:35.707948 2025] [authz_core:error] [pid 1321413] [client 185.177.72.106:6542] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Sun Jul 20 17:01:35.773528 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webroot_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdgAAAA0"]
[Sun Jul 20 17:01:35.773774 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdgAAAA0"]
[Sun Jul 20 17:01:35.773976 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdgAAAA0"]
[Sun Jul 20 17:01:35.794008 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /websocket/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdwAAAA0"]
[Sun Jul 20 17:01:35.794246 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdwAAAA0"]
[Sun Jul 20 17:01:35.794431 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUdwAAAA0"]
[Sun Jul 20 17:01:35.814577 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webstatic/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeAAAAA0"]
[Sun Jul 20 17:01:35.814838 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeAAAAA0"]
[Sun Jul 20 17:01:35.815004 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeAAAAA0"]
[Sun Jul 20 17:01:35.835040 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webui/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeQAAAA0"]
[Sun Jul 20 17:01:35.835284 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webui/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeQAAAA0"]
[Sun Jul 20 17:01:35.835458 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webui/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUeQAAAA0"]
[Sun Jul 20 17:01:35.870757 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /well-known/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUegAAAA0"]
[Sun Jul 20 17:01:35.871003 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUegAAAA0"]
[Sun Jul 20 17:01:35.871188 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUegAAAA0"]
[Sun Jul 20 17:01:35.891372 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /whturk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUewAAAA0"]
[Sun Jul 20 17:01:35.891621 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUewAAAA0"]
[Sun Jul 20 17:01:35.891833 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUewAAAA0"]
[Sun Jul 20 17:01:35.911970 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /windows/tests/9.2.x/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfAAAAA0"]
[Sun Jul 20 17:01:35.912221 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfAAAAA0"]
[Sun Jul 20 17:01:35.912404 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfAAAAA0"]
[Sun Jul 20 17:01:35.932633 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /windows/tests/9.3.x/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfQAAAA0"]
[Sun Jul 20 17:01:35.932883 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfQAAAA0"]
[Sun Jul 20 17:01:35.933087 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfQAAAA0"]
[Sun Jul 20 17:01:35.953174 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfgAAAA0"]
[Sun Jul 20 17:01:35.953422 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfgAAAA0"]
[Sun Jul 20 17:01:35.953606 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfgAAAA0"]
[Sun Jul 20 17:01:35.973984 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www-data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfwAAAA0"]
[Sun Jul 20 17:01:35.974255 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfwAAAA0"]
[Sun Jul 20 17:01:35.974468 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUfwAAAA0"]
[Sun Jul 20 17:01:35.994537 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUgAAAAA0"]
[Sun Jul 20 17:01:35.994784 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUgAAAAA0"]
[Sun Jul 20 17:01:35.994987 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aH0Ez4xoTuBEoACPPcEUgAAAAA0"]
[Sun Jul 20 17:01:36.015127 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xx-final/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUgQAAAA0"]
[Sun Jul 20 17:01:36.015400 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUgQAAAA0"]
[Sun Jul 20 17:01:36.015585 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUgQAAAA0"]
[Sun Jul 20 17:01:36.035742 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zmusic-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUggAAAA0"]
[Sun Jul 20 17:01:36.036008 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUggAAAA0"]
[Sun Jul 20 17:01:36.036206 2025] [:error] [pid 1321413] [client 185.177.72.106:6542] [client 185.177.72.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aH0E0IxoTuBEoACPPcEUggAAAA0"]
[Mon Jul 21 23:16:04.827350 2025] [:error] [pid 1359637] [client 185.177.72.16:2186] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH6uFJ26EAeTKa2_DNaQ5wAAAAU"]
[Mon Jul 21 23:16:04.827646 2025] [:error] [pid 1359637] [client 185.177.72.16:2186] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH6uFJ26EAeTKa2_DNaQ5wAAAAU"]
[Mon Jul 21 23:16:04.827830 2025] [:error] [pid 1359637] [client 185.177.72.16:2186] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aH6uFJ26EAeTKa2_DNaQ5wAAAAU"]
[Wed Jul 23 13:39:13.719973 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7iwAAAAI"]
[Wed Jul 23 13:39:13.720871 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7iwAAAAI"]
[Wed Jul 23 13:39:13.721032 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7iwAAAAI"]
[Wed Jul 23 13:39:13.912927 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kAAAAAI"]
[Wed Jul 23 13:39:13.913262 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kAAAAAI"]
[Wed Jul 23 13:39:13.913453 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kAAAAAI"]
[Wed Jul 23 13:39:13.941198 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kQAAAAI"]
[Wed Jul 23 13:39:13.941421 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kQAAAAI"]
[Wed Jul 23 13:39:13.941584 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIDJ4aI4lOREpDwv3HY7kQAAAAI"]
[Wed Jul 23 13:39:13.974721 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIDJ4aI4lOREpDwv3HY7kgAAAAI"]
[Wed Jul 23 13:39:13.975074 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIDJ4aI4lOREpDwv3HY7kgAAAAI"]
[Wed Jul 23 13:39:13.975247 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIDJ4aI4lOREpDwv3HY7kgAAAAI"]
[Wed Jul 23 13:39:16.025027 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7lAAAAAI"]
[Wed Jul 23 13:39:16.025270 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7lAAAAAI"]
[Wed Jul 23 13:39:16.025449 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7lAAAAAI"]
[Wed Jul 23 13:39:16.045670 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIDJ5KI4lOREpDwv3HY7lQAAAAI"]
[Wed Jul 23 13:39:16.045831 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIDJ5KI4lOREpDwv3HY7lQAAAAI"]
[Wed Jul 23 13:39:16.046053 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIDJ5KI4lOREpDwv3HY7lQAAAAI"]
[Wed Jul 23 13:39:16.046223 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIDJ5KI4lOREpDwv3HY7lQAAAAI"]
[Wed Jul 23 13:39:16.089060 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIDJ5KI4lOREpDwv3HY7lwAAAAI"]
[Wed Jul 23 13:39:16.089334 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIDJ5KI4lOREpDwv3HY7lwAAAAI"]
[Wed Jul 23 13:39:16.089506 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIDJ5KI4lOREpDwv3HY7lwAAAAI"]
[Wed Jul 23 13:39:16.132039 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mQAAAAI"]
[Wed Jul 23 13:39:16.132264 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mQAAAAI"]
[Wed Jul 23 13:39:16.132418 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mQAAAAI"]
[Wed Jul 23 13:39:16.175636 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mwAAAAI"]
[Wed Jul 23 13:39:16.175874 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mwAAAAI"]
[Wed Jul 23 13:39:16.176029 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7mwAAAAI"]
[Wed Jul 23 13:39:16.196060 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7nAAAAAI"]
[Wed Jul 23 13:39:16.196269 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7nAAAAAI"]
[Wed Jul 23 13:39:16.196428 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7nAAAAAI"]
[Wed Jul 23 13:39:16.243817 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravael/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7ngAAAAI"]
[Wed Jul 23 13:39:16.244021 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7ngAAAAI"]
[Wed Jul 23 13:39:16.244189 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7ngAAAAI"]
[Wed Jul 23 13:39:16.286972 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIDJ5KI4lOREpDwv3HY7oAAAAAI"]
[Wed Jul 23 13:39:16.287194 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIDJ5KI4lOREpDwv3HY7oAAAAAI"]
[Wed Jul 23 13:39:16.287356 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIDJ5KI4lOREpDwv3HY7oAAAAAI"]
[Wed Jul 23 13:39:16.307406 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7oQAAAAI"]
[Wed Jul 23 13:39:16.307620 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7oQAAAAI"]
[Wed Jul 23 13:39:16.307787 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIDJ5KI4lOREpDwv3HY7oQAAAAI"]
[Wed Jul 23 13:39:16.374582 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIDJ5KI4lOREpDwv3HY7owAAAAI"]
[Wed Jul 23 13:39:16.374820 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIDJ5KI4lOREpDwv3HY7owAAAAI"]
[Wed Jul 23 13:39:16.374986 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIDJ5KI4lOREpDwv3HY7owAAAAI"]
[Wed Jul 23 13:39:18.031189 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awsstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7pgAAAAI"]
[Wed Jul 23 13:39:18.031500 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7pgAAAAI"]
[Wed Jul 23 13:39:18.031686 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7pgAAAAI"]
[Wed Jul 23 13:39:18.051750 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIDJ5qI4lOREpDwv3HY7pwAAAAI"]
[Wed Jul 23 13:39:18.051904 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIDJ5qI4lOREpDwv3HY7pwAAAAI"]
[Wed Jul 23 13:39:18.052105 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIDJ5qI4lOREpDwv3HY7pwAAAAI"]
[Wed Jul 23 13:39:18.052261 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIDJ5qI4lOREpDwv3HY7pwAAAAI"]
[Wed Jul 23 13:39:18.074697 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7qAAAAAI"]
[Wed Jul 23 13:39:18.074924 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7qAAAAAI"]
[Wed Jul 23 13:39:18.075095 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIDJ5qI4lOREpDwv3HY7qAAAAAI"]
[Wed Jul 23 13:39:19.528459 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7qwAAAAI"]
[Wed Jul 23 13:39:19.528712 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7qwAAAAI"]
[Wed Jul 23 13:39:19.528910 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7qwAAAAI"]
[Wed Jul 23 13:39:19.571841 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aIDJ56I4lOREpDwv3HY7rQAAAAI"]
[Wed Jul 23 13:39:19.572185 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aIDJ56I4lOREpDwv3HY7rQAAAAI"]
[Wed Jul 23 13:39:19.572361 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aIDJ56I4lOREpDwv3HY7rQAAAAI"]
[Wed Jul 23 13:39:19.593050 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7rgAAAAI"]
[Wed Jul 23 13:39:19.593283 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7rgAAAAI"]
[Wed Jul 23 13:39:19.593460 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7rgAAAAI"]
[Wed Jul 23 13:39:19.659426 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sQAAAAI"]
[Wed Jul 23 13:39:19.659643 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sQAAAAI"]
[Wed Jul 23 13:39:19.659805 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sQAAAAI"]
[Wed Jul 23 13:39:19.680914 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sgAAAAI"]
[Wed Jul 23 13:39:19.681245 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sgAAAAI"]
[Wed Jul 23 13:39:19.681469 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7sgAAAAI"]
[Wed Jul 23 13:39:19.707929 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7swAAAAI"]
[Wed Jul 23 13:39:19.708216 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7swAAAAI"]
[Wed Jul 23 13:39:19.708410 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7swAAAAI"]
[Wed Jul 23 13:39:19.729391 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tAAAAAI"]
[Wed Jul 23 13:39:19.729666 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tAAAAAI"]
[Wed Jul 23 13:39:19.729861 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tAAAAAI"]
[Wed Jul 23 13:39:19.750584 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tQAAAAI"]
[Wed Jul 23 13:39:19.750804 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tQAAAAI"]
[Wed Jul 23 13:39:19.750970 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIDJ56I4lOREpDwv3HY7tQAAAAI"]
[Wed Jul 23 13:39:19.774901 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIDJ56I4lOREpDwv3HY7tgAAAAI"]
[Wed Jul 23 13:39:19.775201 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIDJ56I4lOREpDwv3HY7tgAAAAI"]
[Wed Jul 23 13:39:19.775390 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIDJ56I4lOREpDwv3HY7tgAAAAI"]
[Wed Jul 23 13:39:19.797112 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIDJ56I4lOREpDwv3HY7twAAAAI"]
[Wed Jul 23 13:39:19.797336 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIDJ56I4lOREpDwv3HY7twAAAAI"]
[Wed Jul 23 13:39:19.797509 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIDJ56I4lOREpDwv3HY7twAAAAI"]
[Wed Jul 23 13:39:19.818790 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIDJ56I4lOREpDwv3HY7uAAAAAI"]
[Wed Jul 23 13:39:19.819009 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIDJ56I4lOREpDwv3HY7uAAAAAI"]
[Wed Jul 23 13:39:19.819183 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIDJ56I4lOREpDwv3HY7uAAAAAI"]
[Wed Jul 23 13:39:21.497646 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vgAAAAI"]
[Wed Jul 23 13:39:21.497938 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vgAAAAI"]
[Wed Jul 23 13:39:21.498121 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vgAAAAI"]
[Wed Jul 23 13:39:21.564660 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vwAAAAI"]
[Wed Jul 23 13:39:21.564892 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vwAAAAI"]
[Wed Jul 23 13:39:21.565082 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIDJ6aI4lOREpDwv3HY7vwAAAAI"]
[Wed Jul 23 13:39:23.055331 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wAAAAAI"]
[Wed Jul 23 13:39:23.055577 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wAAAAAI"]
[Wed Jul 23 13:39:23.055771 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wAAAAAI"]
[Wed Jul 23 13:39:23.075930 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wQAAAAI"]
[Wed Jul 23 13:39:23.076159 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wQAAAAI"]
[Wed Jul 23 13:39:23.076339 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wQAAAAI"]
[Wed Jul 23 13:39:23.107350 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wgAAAAI"]
[Wed Jul 23 13:39:23.107585 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wgAAAAI"]
[Wed Jul 23 13:39:23.107764 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7wgAAAAI"]
[Wed Jul 23 13:39:23.173028 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xQAAAAI"]
[Wed Jul 23 13:39:23.173254 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xQAAAAI"]
[Wed Jul 23 13:39:23.173421 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xQAAAAI"]
[Wed Jul 23 13:39:23.195083 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xgAAAAI"]
[Wed Jul 23 13:39:23.195310 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xgAAAAI"]
[Wed Jul 23 13:39:23.195481 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xgAAAAI"]
[Wed Jul 23 13:39:23.236389 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xwAAAAI"]
[Wed Jul 23 13:39:23.236625 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xwAAAAI"]
[Wed Jul 23 13:39:23.236811 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7xwAAAAI"]
[Wed Jul 23 13:39:23.256802 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7yAAAAAI"]
[Wed Jul 23 13:39:23.257013 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7yAAAAAI"]
[Wed Jul 23 13:39:23.257183 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIDJ66I4lOREpDwv3HY7yAAAAAI"]
[Wed Jul 23 13:39:24.883008 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7yQAAAAI"]
[Wed Jul 23 13:39:24.883245 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7yQAAAAI"]
[Wed Jul 23 13:39:24.883439 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7yQAAAAI"]
[Wed Jul 23 13:39:24.908335 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7ygAAAAI"]
[Wed Jul 23 13:39:24.908558 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7ygAAAAI"]
[Wed Jul 23 13:39:24.908721 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIDJ7KI4lOREpDwv3HY7ygAAAAI"]
[Wed Jul 23 13:39:27.055321 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7ywAAAAI"]
[Wed Jul 23 13:39:27.055604 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7ywAAAAI"]
[Wed Jul 23 13:39:27.055836 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7ywAAAAI"]
[Wed Jul 23 13:39:27.076238 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zAAAAAI"]
[Wed Jul 23 13:39:27.076515 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zAAAAAI"]
[Wed Jul 23 13:39:27.076711 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zAAAAAI"]
[Wed Jul 23 13:39:27.097089 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zQAAAAI"]
[Wed Jul 23 13:39:27.097340 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zQAAAAI"]
[Wed Jul 23 13:39:27.097537 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zQAAAAI"]
[Wed Jul 23 13:39:27.121096 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zgAAAAI"]
[Wed Jul 23 13:39:27.121342 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zgAAAAI"]
[Wed Jul 23 13:39:27.121506 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zgAAAAI"]
[Wed Jul 23 13:39:27.141636 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zwAAAAI"]
[Wed Jul 23 13:39:27.141833 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zwAAAAI"]
[Wed Jul 23 13:39:27.141988 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIDJ76I4lOREpDwv3HY7zwAAAAI"]
[Wed Jul 23 13:39:27.161794 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIDJ76I4lOREpDwv3HY70AAAAAI"]
[Wed Jul 23 13:39:27.161938 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIDJ76I4lOREpDwv3HY70AAAAAI"]
[Wed Jul 23 13:39:27.162134 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIDJ76I4lOREpDwv3HY70AAAAAI"]
[Wed Jul 23 13:39:27.162293 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIDJ76I4lOREpDwv3HY70AAAAAI"]
[Wed Jul 23 13:39:27.278886 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71AAAAAI"]
[Wed Jul 23 13:39:27.279122 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71AAAAAI"]
[Wed Jul 23 13:39:27.279322 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71AAAAAI"]
[Wed Jul 23 13:39:27.301147 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71QAAAAI"]
[Wed Jul 23 13:39:27.301373 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71QAAAAI"]
[Wed Jul 23 13:39:27.301543 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71QAAAAI"]
[Wed Jul 23 13:39:27.324263 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71gAAAAI"]
[Wed Jul 23 13:39:27.324526 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71gAAAAI"]
[Wed Jul 23 13:39:27.324721 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71gAAAAI"]
[Wed Jul 23 13:39:27.359334 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71wAAAAI"]
[Wed Jul 23 13:39:27.359583 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71wAAAAI"]
[Wed Jul 23 13:39:27.359776 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aIDJ76I4lOREpDwv3HY71wAAAAI"]
[Wed Jul 23 13:39:29.228237 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIDJ8aI4lOREpDwv3HY72QAAAAI"]
[Wed Jul 23 13:39:29.229352 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIDJ8aI4lOREpDwv3HY72QAAAAI"]
[Wed Jul 23 13:39:29.229597 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aIDJ8aI4lOREpDwv3HY72QAAAAI"]
[Wed Jul 23 13:39:29.259716 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72gAAAAI"]
[Wed Jul 23 13:39:29.259965 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72gAAAAI"]
[Wed Jul 23 13:39:29.260155 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72gAAAAI"]
[Wed Jul 23 13:39:29.281148 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72wAAAAI"]
[Wed Jul 23 13:39:29.281386 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72wAAAAI"]
[Wed Jul 23 13:39:29.281565 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIDJ8aI4lOREpDwv3HY72wAAAAI"]
[Wed Jul 23 13:39:29.301640 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIDJ8aI4lOREpDwv3HY73AAAAAI"]
[Wed Jul 23 13:39:29.301866 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIDJ8aI4lOREpDwv3HY73AAAAAI"]
[Wed Jul 23 13:39:29.302050 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIDJ8aI4lOREpDwv3HY73AAAAAI"]
[Wed Jul 23 13:39:29.324021 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIDJ8aI4lOREpDwv3HY73QAAAAI"]
[Wed Jul 23 13:39:29.324257 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIDJ8aI4lOREpDwv3HY73QAAAAI"]
[Wed Jul 23 13:39:29.324450 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIDJ8aI4lOREpDwv3HY73QAAAAI"]
[Wed Jul 23 13:39:29.367828 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIDJ8aI4lOREpDwv3HY73wAAAAI"]
[Wed Jul 23 13:39:29.368039 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIDJ8aI4lOREpDwv3HY73wAAAAI"]
[Wed Jul 23 13:39:29.368216 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIDJ8aI4lOREpDwv3HY73wAAAAI"]
[Wed Jul 23 13:39:29.447812 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74QAAAAI"]
[Wed Jul 23 13:39:29.448039 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74QAAAAI"]
[Wed Jul 23 13:39:29.448229 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74QAAAAI"]
[Wed Jul 23 13:39:29.476299 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74gAAAAI"]
[Wed Jul 23 13:39:29.476517 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74gAAAAI"]
[Wed Jul 23 13:39:29.476708 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74gAAAAI"]
[Wed Jul 23 13:39:29.499770 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74wAAAAI"]
[Wed Jul 23 13:39:29.499995 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74wAAAAI"]
[Wed Jul 23 13:39:29.500161 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY74wAAAAI"]
[Wed Jul 23 13:39:29.522943 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY75AAAAAI"]
[Wed Jul 23 13:39:29.523143 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY75AAAAAI"]
[Wed Jul 23 13:39:29.523301 2025] [:error] [pid 1389898] [client 185.177.72.107:60112] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIDJ8aI4lOREpDwv3HY75AAAAAI"]
[Wed Jul 23 13:39:38.832236 2025] [:error] [pid 1389900] [client 185.177.72.107:14122] [client 185.177.72.107] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIDJ-m6wfjR6tSMvn7_OkwAAAAQ"]
[Wed Jul 23 13:39:38.832656 2025] [:error] [pid 1389900] [client 185.177.72.107:14122] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIDJ-m6wfjR6tSMvn7_OkwAAAAQ"]
[Wed Jul 23 13:39:38.832897 2025] [:error] [pid 1389900] [client 185.177.72.107:14122] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIDJ-m6wfjR6tSMvn7_OkwAAAAQ"]
[Wed Jul 23 13:39:59.952051 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIDKDyi7MZQTXQmUV0d2BAAAAAY"]
[Wed Jul 23 13:39:59.952264 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIDKDyi7MZQTXQmUV0d2BAAAAAY"]
[Wed Jul 23 13:39:59.952429 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIDKDyi7MZQTXQmUV0d2BAAAAAY"]
[Wed Jul 23 13:40:00.007618 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aIDKECi7MZQTXQmUV0d2BQAAAAY"]
[Wed Jul 23 13:40:00.007867 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aIDKECi7MZQTXQmUV0d2BQAAAAY"]
[Wed Jul 23 13:40:00.008066 2025] [:error] [pid 1392107] [client 185.177.72.107:31760] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aIDKECi7MZQTXQmUV0d2BQAAAAY"]
[Wed Jul 23 13:40:01.859943 2025] [:error] [pid 1395506] [client 185.177.72.107:56574] [client 185.177.72.107] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIDKEcGMhSA7EKYAZ2JxTwAAAAs"]
[Wed Jul 23 13:40:01.860189 2025] [:error] [pid 1395506] [client 185.177.72.107:56574] [client 185.177.72.107] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIDKEcGMhSA7EKYAZ2JxTwAAAAs"]
[Wed Jul 23 13:40:01.860387 2025] [:error] [pid 1395506] [client 185.177.72.107:56574] [client 185.177.72.107] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIDKEcGMhSA7EKYAZ2JxTwAAAAs"]
[Thu Jul 24 04:36:31.917040 2025] [:error] [pid 1416196] [client 185.177.72.144:59192] [client 185.177.72.144] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIGcL7TTPKPsRv01yUGhlwAAAAI"]
[Thu Jul 24 04:36:31.917335 2025] [:error] [pid 1416196] [client 185.177.72.144:59192] [client 185.177.72.144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIGcL7TTPKPsRv01yUGhlwAAAAI"]
[Thu Jul 24 04:36:31.917535 2025] [:error] [pid 1416196] [client 185.177.72.144:59192] [client 185.177.72.144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIGcL7TTPKPsRv01yUGhlwAAAAI"]
[Thu Jul 24 15:34:46.660432 2025] [:error] [pid 1429169] [client 213.209.143.116:59350] [client 213.209.143.116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aII2dpMIg7ZTbrgLD_jmFAAAAA8"]
[Thu Jul 24 15:34:46.660691 2025] [:error] [pid 1429169] [client 213.209.143.116:59350] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aII2dpMIg7ZTbrgLD_jmFAAAAA8"]
[Thu Jul 24 15:34:46.660887 2025] [:error] [pid 1429169] [client 213.209.143.116:59350] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aII2dpMIg7ZTbrgLD_jmFAAAAA8"]
[Fri Jul 25 18:48:10.428984 2025] [:error] [pid 1444229] [client 216.81.248.58:40536] [client 216.81.248.58] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIO1StwH1Tp7Jag_hneLfQAAACE"]
[Fri Jul 25 18:48:10.429313 2025] [:error] [pid 1444229] [client 216.81.248.58:40536] [client 216.81.248.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIO1StwH1Tp7Jag_hneLfQAAACE"]
[Fri Jul 25 18:48:10.429492 2025] [:error] [pid 1444229] [client 216.81.248.58:40536] [client 216.81.248.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIO1StwH1Tp7Jag_hneLfQAAACE"]
[Sat Jul 26 04:31:17.101643 2025] [:error] [pid 1466106] [client 77.90.153.170:60792] [client 77.90.153.170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIQ99b52y2Aq_fSyNbMETwAAAAE"]
[Sat Jul 26 04:31:17.103225 2025] [:error] [pid 1466106] [client 77.90.153.170:60792] [client 77.90.153.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIQ99b52y2Aq_fSyNbMETwAAAAE"]
[Sat Jul 26 04:31:17.103399 2025] [:error] [pid 1466106] [client 77.90.153.170:60792] [client 77.90.153.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIQ99b52y2Aq_fSyNbMETwAAAAE"]
[Sat Jul 26 06:01:15.594012 2025] [:error] [pid 1466140] [client 213.209.143.116:45810] [client 213.209.143.116] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIRTCzHEi-oO89cLoESA0QAAAAU"]
[Sat Jul 26 06:01:15.594252 2025] [:error] [pid 1466140] [client 213.209.143.116:45810] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIRTCzHEi-oO89cLoESA0QAAAAU"]
[Sat Jul 26 06:01:15.594410 2025] [:error] [pid 1466140] [client 213.209.143.116:45810] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIRTCzHEi-oO89cLoESA0QAAAAU"]
[Sat Jul 26 06:01:15.780074 2025] [:error] [pid 1466109] [client 213.209.143.116:45826] [client 213.209.143.116] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aIRTC5hKYGGCYlj58s9a1QAAAAQ"]
[Sat Jul 26 06:01:15.780361 2025] [:error] [pid 1466109] [client 213.209.143.116:45826] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aIRTC5hKYGGCYlj58s9a1QAAAAQ"]
[Sat Jul 26 06:01:15.780539 2025] [:error] [pid 1466109] [client 213.209.143.116:45826] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aIRTC5hKYGGCYlj58s9a1QAAAAQ"]
[Sat Jul 26 06:36:07.510289 2025] [:error] [pid 1466109] [client 185.177.72.24:38672] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIRbN5hKYGGCYlj58s9a2AAAAAQ"]
[Sat Jul 26 06:36:07.510604 2025] [:error] [pid 1466109] [client 185.177.72.24:38672] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIRbN5hKYGGCYlj58s9a2AAAAAQ"]
[Sat Jul 26 06:36:07.510753 2025] [:error] [pid 1466109] [client 185.177.72.24:38672] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIRbN5hKYGGCYlj58s9a2AAAAAQ"]
[Sat Jul 26 07:04:14.346447 2025] [:error] [pid 1469823] [client 20.74.83.27:51556] [client 20.74.83.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIRhzgxjxSVdKPpmiUKk_wAAAAc"]
[Sat Jul 26 07:04:14.346741 2025] [:error] [pid 1469823] [client 20.74.83.27:51556] [client 20.74.83.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIRhzgxjxSVdKPpmiUKk_wAAAAc"]
[Sat Jul 26 07:04:14.346952 2025] [:error] [pid 1469823] [client 20.74.83.27:51556] [client 20.74.83.27] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIRhzgxjxSVdKPpmiUKk_wAAAAc"]
[Sat Jul 26 14:23:42.890015 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aITIzjkdzR67myhRtfd82QAAAAM"]
[Sat Jul 26 14:23:42.890327 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aITIzjkdzR67myhRtfd82QAAAAM"]
[Sat Jul 26 14:23:42.890519 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aITIzjkdzR67myhRtfd82QAAAAM"]
[Sat Jul 26 14:23:43.005870 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aITIzzkdzR67myhRtfd83gAAAAM"]
[Sat Jul 26 14:23:43.006111 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aITIzzkdzR67myhRtfd83gAAAAM"]
[Sat Jul 26 14:23:43.006306 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aITIzzkdzR67myhRtfd83gAAAAM"]
[Sat Jul 26 14:23:43.028355 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aITIzzkdzR67myhRtfd83wAAAAM"]
[Sat Jul 26 14:23:43.028636 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aITIzzkdzR67myhRtfd83wAAAAM"]
[Sat Jul 26 14:23:43.028826 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aITIzzkdzR67myhRtfd83wAAAAM"]
[Sat Jul 26 14:23:43.050614 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aITIzzkdzR67myhRtfd84AAAAAM"]
[Sat Jul 26 14:23:43.050966 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aITIzzkdzR67myhRtfd84AAAAAM"]
[Sat Jul 26 14:23:43.051148 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aITIzzkdzR67myhRtfd84AAAAAM"]
[Sat Jul 26 14:23:43.096242 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aITIzzkdzR67myhRtfd84gAAAAM"]
[Sat Jul 26 14:23:43.096487 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aITIzzkdzR67myhRtfd84gAAAAM"]
[Sat Jul 26 14:23:43.096674 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aITIzzkdzR67myhRtfd84gAAAAM"]
[Sat Jul 26 14:23:43.118619 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aITIzzkdzR67myhRtfd84wAAAAM"]
[Sat Jul 26 14:23:43.118780 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aITIzzkdzR67myhRtfd84wAAAAM"]
[Sat Jul 26 14:23:43.119011 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aITIzzkdzR67myhRtfd84wAAAAM"]
[Sat Jul 26 14:23:43.119223 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aITIzzkdzR67myhRtfd84wAAAAM"]
[Sat Jul 26 14:23:43.580518 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aITIzzkdzR67myhRtfd85QAAAAM"]
[Sat Jul 26 14:23:43.580776 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aITIzzkdzR67myhRtfd85QAAAAM"]
[Sat Jul 26 14:23:43.580971 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aITIzzkdzR67myhRtfd85QAAAAM"]
[Sat Jul 26 14:23:43.656067 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aITIzzkdzR67myhRtfd85wAAAAM"]
[Sat Jul 26 14:23:43.656323 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aITIzzkdzR67myhRtfd85wAAAAM"]
[Sat Jul 26 14:23:43.656530 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aITIzzkdzR67myhRtfd85wAAAAM"]
[Sat Jul 26 14:23:43.745130 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aITIzzkdzR67myhRtfd86QAAAAM"]
[Sat Jul 26 14:23:43.745361 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aITIzzkdzR67myhRtfd86QAAAAM"]
[Sat Jul 26 14:23:43.745544 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aITIzzkdzR67myhRtfd86QAAAAM"]
[Sat Jul 26 14:23:43.784117 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kyc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aITIzzkdzR67myhRtfd86gAAAAM"]
[Sat Jul 26 14:23:43.784359 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aITIzzkdzR67myhRtfd86gAAAAM"]
[Sat Jul 26 14:23:43.784573 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kyc/.env"] [unique_id "aITIzzkdzR67myhRtfd86gAAAAM"]
[Sat Jul 26 14:23:43.866788 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravael/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aITIzzkdzR67myhRtfd87AAAAAM"]
[Sat Jul 26 14:23:43.867016 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aITIzzkdzR67myhRtfd87AAAAAM"]
[Sat Jul 26 14:23:43.867200 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravael/core/.env"] [unique_id "aITIzzkdzR67myhRtfd87AAAAAM"]
[Sat Jul 26 14:23:43.929836 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aITIzzkdzR67myhRtfd87gAAAAM"]
[Sat Jul 26 14:23:43.930054 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aITIzzkdzR67myhRtfd87gAAAAM"]
[Sat Jul 26 14:23:43.930223 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aITIzzkdzR67myhRtfd87gAAAAM"]
[Sat Jul 26 14:23:43.993443 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aITIzzkdzR67myhRtfd87wAAAAM"]
[Sat Jul 26 14:23:43.993675 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aITIzzkdzR67myhRtfd87wAAAAM"]
[Sat Jul 26 14:23:43.993872 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aITIzzkdzR67myhRtfd87wAAAAM"]
[Sat Jul 26 14:23:44.125939 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aITI0DkdzR67myhRtfd88QAAAAM"]
[Sat Jul 26 14:23:44.126197 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aITI0DkdzR67myhRtfd88QAAAAM"]
[Sat Jul 26 14:23:44.126404 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aITI0DkdzR67myhRtfd88QAAAAM"]
[Sat Jul 26 14:23:44.273425 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awsstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aITI0DkdzR67myhRtfd89AAAAAM"]
[Sat Jul 26 14:23:44.273663 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aITI0DkdzR67myhRtfd89AAAAAM"]
[Sat Jul 26 14:23:44.273835 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awsstats/.env"] [unique_id "aITI0DkdzR67myhRtfd89AAAAAM"]
[Sat Jul 26 14:23:44.295654 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aITI0DkdzR67myhRtfd89QAAAAM"]
[Sat Jul 26 14:23:44.295794 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aITI0DkdzR67myhRtfd89QAAAAM"]
[Sat Jul 26 14:23:44.295999 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aITI0DkdzR67myhRtfd89QAAAAM"]
[Sat Jul 26 14:23:44.296172 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aITI0DkdzR67myhRtfd89QAAAAM"]
[Sat Jul 26 14:23:44.318094 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aITI0DkdzR67myhRtfd89gAAAAM"]
[Sat Jul 26 14:23:44.318312 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aITI0DkdzR67myhRtfd89gAAAAM"]
[Sat Jul 26 14:23:44.318506 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aITI0DkdzR67myhRtfd89gAAAAM"]
[Sat Jul 26 14:23:44.385921 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aITI0DkdzR67myhRtfd8-QAAAAM"]
[Sat Jul 26 14:23:44.386165 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aITI0DkdzR67myhRtfd8-QAAAAM"]
[Sat Jul 26 14:23:44.386375 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aITI0DkdzR67myhRtfd8-QAAAAM"]
[Sat Jul 26 14:23:44.430837 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aITI0DkdzR67myhRtfd8-wAAAAM"]
[Sat Jul 26 14:23:44.431170 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aITI0DkdzR67myhRtfd8-wAAAAM"]
[Sat Jul 26 14:23:44.431350 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/aws/ses.log"] [unique_id "aITI0DkdzR67myhRtfd8-wAAAAM"]
[Sat Jul 26 14:23:44.453338 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aITI0DkdzR67myhRtfd8_AAAAAM"]
[Sat Jul 26 14:23:44.453569 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aITI0DkdzR67myhRtfd8_AAAAAM"]
[Sat Jul 26 14:23:44.453766 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aITI0DkdzR67myhRtfd8_AAAAAM"]
[Sat Jul 26 14:23:44.498819 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aITI0DkdzR67myhRtfd8_gAAAAM"]
[Sat Jul 26 14:23:44.499055 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aITI0DkdzR67myhRtfd8_gAAAAM"]
[Sat Jul 26 14:23:44.499235 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aITI0DkdzR67myhRtfd8_gAAAAM"]
[Sat Jul 26 14:23:44.521116 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aITI0DkdzR67myhRtfd8_wAAAAM"]
[Sat Jul 26 14:23:44.521346 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aITI0DkdzR67myhRtfd8_wAAAAM"]
[Sat Jul 26 14:23:44.521522 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aITI0DkdzR67myhRtfd8_wAAAAM"]
[Sat Jul 26 14:23:44.543344 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aITI0DkdzR67myhRtfd9AAAAAAM"]
[Sat Jul 26 14:23:44.543560 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aITI0DkdzR67myhRtfd9AAAAAAM"]
[Sat Jul 26 14:23:44.543728 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aITI0DkdzR67myhRtfd9AAAAAAM"]
[Sat Jul 26 14:23:44.565635 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aITI0DkdzR67myhRtfd9AQAAAAM"]
[Sat Jul 26 14:23:44.565845 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aITI0DkdzR67myhRtfd9AQAAAAM"]
[Sat Jul 26 14:23:44.566019 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aITI0DkdzR67myhRtfd9AQAAAAM"]
[Sat Jul 26 14:23:44.587743 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aITI0DkdzR67myhRtfd9AgAAAAM"]
[Sat Jul 26 14:23:44.587953 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aITI0DkdzR67myhRtfd9AgAAAAM"]
[Sat Jul 26 14:23:44.588121 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aITI0DkdzR67myhRtfd9AgAAAAM"]
[Sat Jul 26 14:23:44.610003 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aITI0DkdzR67myhRtfd9AwAAAAM"]
[Sat Jul 26 14:23:44.610214 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aITI0DkdzR67myhRtfd9AwAAAAM"]
[Sat Jul 26 14:23:44.610395 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aITI0DkdzR67myhRtfd9AwAAAAM"]
[Sat Jul 26 14:23:44.632152 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aITI0DkdzR67myhRtfd9BAAAAAM"]
[Sat Jul 26 14:23:44.632380 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aITI0DkdzR67myhRtfd9BAAAAAM"]
[Sat Jul 26 14:23:44.632576 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aITI0DkdzR67myhRtfd9BAAAAAM"]
[Sat Jul 26 14:23:44.654450 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aITI0DkdzR67myhRtfd9BQAAAAM"]
[Sat Jul 26 14:23:44.654666 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aITI0DkdzR67myhRtfd9BQAAAAM"]
[Sat Jul 26 14:23:44.654846 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aITI0DkdzR67myhRtfd9BQAAAAM"]
[Sat Jul 26 14:23:44.790533 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aITI0DkdzR67myhRtfd9CwAAAAM"]
[Sat Jul 26 14:23:44.790781 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aITI0DkdzR67myhRtfd9CwAAAAM"]
[Sat Jul 26 14:23:44.790948 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aITI0DkdzR67myhRtfd9CwAAAAM"]
[Sat Jul 26 14:23:44.812783 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aITI0DkdzR67myhRtfd9DAAAAAM"]
[Sat Jul 26 14:23:44.812987 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aITI0DkdzR67myhRtfd9DAAAAAM"]
[Sat Jul 26 14:23:44.813171 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aITI0DkdzR67myhRtfd9DAAAAAM"]
[Sat Jul 26 14:23:44.835097 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aITI0DkdzR67myhRtfd9DQAAAAM"]
[Sat Jul 26 14:23:44.835346 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aITI0DkdzR67myhRtfd9DQAAAAM"]
[Sat Jul 26 14:23:44.835575 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aITI0DkdzR67myhRtfd9DQAAAAM"]
[Sat Jul 26 14:23:44.857462 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aITI0DkdzR67myhRtfd9DgAAAAM"]
[Sat Jul 26 14:23:44.857691 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aITI0DkdzR67myhRtfd9DgAAAAM"]
[Sat Jul 26 14:23:44.857870 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aITI0DkdzR67myhRtfd9DgAAAAM"]
[Sat Jul 26 14:23:44.879727 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aITI0DkdzR67myhRtfd9DwAAAAM"]
[Sat Jul 26 14:23:44.879973 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aITI0DkdzR67myhRtfd9DwAAAAM"]
[Sat Jul 26 14:23:44.880152 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aITI0DkdzR67myhRtfd9DwAAAAM"]
[Sat Jul 26 14:23:45.203419 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aITI0TkdzR67myhRtfd9EgAAAAM"]
[Sat Jul 26 14:23:45.203656 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aITI0TkdzR67myhRtfd9EgAAAAM"]
[Sat Jul 26 14:23:45.203842 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aITI0TkdzR67myhRtfd9EgAAAAM"]
[Sat Jul 26 14:23:45.225719 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aITI0TkdzR67myhRtfd9EwAAAAM"]
[Sat Jul 26 14:23:45.225972 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aITI0TkdzR67myhRtfd9EwAAAAM"]
[Sat Jul 26 14:23:45.226154 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aITI0TkdzR67myhRtfd9EwAAAAM"]
[Sat Jul 26 14:23:45.249693 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aITI0TkdzR67myhRtfd9FAAAAAM"]
[Sat Jul 26 14:23:45.249931 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aITI0TkdzR67myhRtfd9FAAAAAM"]
[Sat Jul 26 14:23:45.250110 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aITI0TkdzR67myhRtfd9FAAAAAM"]
[Sat Jul 26 14:23:45.271864 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aITI0TkdzR67myhRtfd9FQAAAAM"]
[Sat Jul 26 14:23:45.272080 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aITI0TkdzR67myhRtfd9FQAAAAM"]
[Sat Jul 26 14:23:45.272267 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aITI0TkdzR67myhRtfd9FQAAAAM"]
[Sat Jul 26 14:23:45.294074 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aITI0TkdzR67myhRtfd9FgAAAAM"]
[Sat Jul 26 14:23:45.294283 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aITI0TkdzR67myhRtfd9FgAAAAM"]
[Sat Jul 26 14:23:45.294467 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aITI0TkdzR67myhRtfd9FgAAAAM"]
[Sat Jul 26 14:23:45.317633 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aITI0TkdzR67myhRtfd9FwAAAAM"]
[Sat Jul 26 14:23:45.317854 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aITI0TkdzR67myhRtfd9FwAAAAM"]
[Sat Jul 26 14:23:45.318038 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aITI0TkdzR67myhRtfd9FwAAAAM"]
[Sat Jul 26 14:23:45.339872 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aITI0TkdzR67myhRtfd9GAAAAAM"]
[Sat Jul 26 14:23:45.340113 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aITI0TkdzR67myhRtfd9GAAAAAM"]
[Sat Jul 26 14:23:45.340282 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aITI0TkdzR67myhRtfd9GAAAAAM"]
[Sat Jul 26 14:23:45.362689 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aITI0TkdzR67myhRtfd9GQAAAAM"]
[Sat Jul 26 14:23:45.362944 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aITI0TkdzR67myhRtfd9GQAAAAM"]
[Sat Jul 26 14:23:45.363192 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aITI0TkdzR67myhRtfd9GQAAAAM"]
[Sat Jul 26 14:23:45.385065 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aITI0TkdzR67myhRtfd9GgAAAAM"]
[Sat Jul 26 14:23:45.385301 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aITI0TkdzR67myhRtfd9GgAAAAM"]
[Sat Jul 26 14:23:45.385513 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aITI0TkdzR67myhRtfd9GgAAAAM"]
[Sat Jul 26 14:23:45.428471 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aITI0TkdzR67myhRtfd9GwAAAAM"]
[Sat Jul 26 14:23:45.428824 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aITI0TkdzR67myhRtfd9GwAAAAM"]
[Sat Jul 26 14:23:45.429074 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aITI0TkdzR67myhRtfd9GwAAAAM"]
[Sat Jul 26 14:23:45.459513 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aITI0TkdzR67myhRtfd9HAAAAAM"]
[Sat Jul 26 14:23:45.459779 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aITI0TkdzR67myhRtfd9HAAAAAM"]
[Sat Jul 26 14:23:45.459958 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aITI0TkdzR67myhRtfd9HAAAAAM"]
[Sat Jul 26 14:23:45.497006 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aITI0TkdzR67myhRtfd9HQAAAAM"]
[Sat Jul 26 14:23:45.497158 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aITI0TkdzR67myhRtfd9HQAAAAM"]
[Sat Jul 26 14:23:45.497395 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aITI0TkdzR67myhRtfd9HQAAAAM"]
[Sat Jul 26 14:23:45.497609 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aITI0TkdzR67myhRtfd9HQAAAAM"]
[Sat Jul 26 14:23:45.611189 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aITI0TkdzR67myhRtfd9IQAAAAM"]
[Sat Jul 26 14:23:45.611415 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aITI0TkdzR67myhRtfd9IQAAAAM"]
[Sat Jul 26 14:23:45.611593 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aITI0TkdzR67myhRtfd9IQAAAAM"]
[Sat Jul 26 14:23:45.633983 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aITI0TkdzR67myhRtfd9IgAAAAM"]
[Sat Jul 26 14:23:45.634245 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aITI0TkdzR67myhRtfd9IgAAAAM"]
[Sat Jul 26 14:23:45.634518 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aITI0TkdzR67myhRtfd9IgAAAAM"]
[Sat Jul 26 14:23:45.656299 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aITI0TkdzR67myhRtfd9IwAAAAM"]
[Sat Jul 26 14:23:45.656523 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aITI0TkdzR67myhRtfd9IwAAAAM"]
[Sat Jul 26 14:23:45.656684 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aITI0TkdzR67myhRtfd9IwAAAAM"]
[Sat Jul 26 14:23:45.678540 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aITI0TkdzR67myhRtfd9JAAAAAM"]
[Sat Jul 26 14:23:45.678790 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aITI0TkdzR67myhRtfd9JAAAAAM"]
[Sat Jul 26 14:23:45.678961 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aITI0TkdzR67myhRtfd9JAAAAAM"]
[Sat Jul 26 14:23:45.723475 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aITI0TkdzR67myhRtfd9JgAAAAM"]
[Sat Jul 26 14:23:45.723688 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aITI0TkdzR67myhRtfd9JgAAAAM"]
[Sat Jul 26 14:23:45.723869 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aITI0TkdzR67myhRtfd9JgAAAAM"]
[Sat Jul 26 14:23:45.745623 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aITI0TkdzR67myhRtfd9JwAAAAM"]
[Sat Jul 26 14:23:45.745831 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aITI0TkdzR67myhRtfd9JwAAAAM"]
[Sat Jul 26 14:23:45.746001 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aITI0TkdzR67myhRtfd9JwAAAAM"]
[Sat Jul 26 14:23:45.767887 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aITI0TkdzR67myhRtfd9KAAAAAM"]
[Sat Jul 26 14:23:45.768098 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aITI0TkdzR67myhRtfd9KAAAAAM"]
[Sat Jul 26 14:23:45.768319 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aITI0TkdzR67myhRtfd9KAAAAAM"]
[Sat Jul 26 14:23:45.790000 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aITI0TkdzR67myhRtfd9KQAAAAM"]
[Sat Jul 26 14:23:45.790201 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aITI0TkdzR67myhRtfd9KQAAAAM"]
[Sat Jul 26 14:23:45.790387 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aITI0TkdzR67myhRtfd9KQAAAAM"]
[Sat Jul 26 14:23:45.812230 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aITI0TkdzR67myhRtfd9KgAAAAM"]
[Sat Jul 26 14:23:45.812500 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aITI0TkdzR67myhRtfd9KgAAAAM"]
[Sat Jul 26 14:23:45.812699 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aITI0TkdzR67myhRtfd9KgAAAAM"]
[Sat Jul 26 14:23:45.857274 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aITI0TkdzR67myhRtfd9LAAAAAM"]
[Sat Jul 26 14:23:45.857500 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aITI0TkdzR67myhRtfd9LAAAAAM"]
[Sat Jul 26 14:23:45.857685 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aITI0TkdzR67myhRtfd9LAAAAAM"]
[Sat Jul 26 14:23:45.902270 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aITI0TkdzR67myhRtfd9LgAAAAM"]
[Sat Jul 26 14:23:45.902583 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aITI0TkdzR67myhRtfd9LgAAAAM"]
[Sat Jul 26 14:23:45.902788 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aITI0TkdzR67myhRtfd9LgAAAAM"]
[Sat Jul 26 14:23:45.924562 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aITI0TkdzR67myhRtfd9LwAAAAM"]
[Sat Jul 26 14:23:45.924783 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aITI0TkdzR67myhRtfd9LwAAAAM"]
[Sat Jul 26 14:23:45.924979 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aITI0TkdzR67myhRtfd9LwAAAAM"]
[Sat Jul 26 14:23:45.946832 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aITI0TkdzR67myhRtfd9MAAAAAM"]
[Sat Jul 26 14:23:45.947078 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aITI0TkdzR67myhRtfd9MAAAAAM"]
[Sat Jul 26 14:23:45.947251 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aITI0TkdzR67myhRtfd9MAAAAAM"]
[Sat Jul 26 14:23:45.969373 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aITI0TkdzR67myhRtfd9MQAAAAM"]
[Sat Jul 26 14:23:45.969634 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aITI0TkdzR67myhRtfd9MQAAAAM"]
[Sat Jul 26 14:23:45.969825 2025] [:error] [pid 1466108] [client 185.177.72.115:59520] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aITI0TkdzR67myhRtfd9MQAAAAM"]
[Sat Jul 26 14:23:47.112155 2025] [:error] [pid 1466107] [client 185.177.72.115:59528] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aITI0-WwZyhSDhmHhJ_1OQAAAAI"]
[Sat Jul 26 14:23:47.112515 2025] [:error] [pid 1466107] [client 185.177.72.115:59528] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aITI0-WwZyhSDhmHhJ_1OQAAAAI"]
[Sat Jul 26 14:23:47.112703 2025] [:error] [pid 1466107] [client 185.177.72.115:59528] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aITI0-WwZyhSDhmHhJ_1OQAAAAI"]
[Sat Jul 26 14:23:48.214641 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESBxwAAAAU"]
[Sat Jul 26 14:23:48.214863 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESBxwAAAAU"]
[Sat Jul 26 14:23:48.215022 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESBxwAAAAU"]
[Sat Jul 26 14:23:48.236748 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESByAAAAAU"]
[Sat Jul 26 14:23:48.236935 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESByAAAAAU"]
[Sat Jul 26 14:23:48.237094 2025] [:error] [pid 1466140] [client 185.177.72.115:59546] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aITI1DHEi-oO89cLoESByAAAAAU"]
[Sat Jul 26 14:23:48.808386 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aITI1AxjxSVdKPpmiUKlfAAAAAc"]
[Sat Jul 26 14:23:48.808639 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aITI1AxjxSVdKPpmiUKlfAAAAAc"]
[Sat Jul 26 14:23:48.808815 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aITI1AxjxSVdKPpmiUKlfAAAAAc"]
[Sat Jul 26 14:23:49.122106 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKlhQAAAAc"]
[Sat Jul 26 14:23:49.122379 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKlhQAAAAc"]
[Sat Jul 26 14:23:49.122568 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKlhQAAAAc"]
[Sat Jul 26 14:23:49.151474 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aITI1QxjxSVdKPpmiUKlhgAAAAc"]
[Sat Jul 26 14:23:49.151723 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aITI1QxjxSVdKPpmiUKlhgAAAAc"]
[Sat Jul 26 14:23:49.151925 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aITI1QxjxSVdKPpmiUKlhgAAAAc"]
[Sat Jul 26 14:23:49.180630 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aITI1QxjxSVdKPpmiUKlhwAAAAc"]
[Sat Jul 26 14:23:49.180885 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aITI1QxjxSVdKPpmiUKlhwAAAAc"]
[Sat Jul 26 14:23:49.181103 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aITI1QxjxSVdKPpmiUKlhwAAAAc"]
[Sat Jul 26 14:23:49.419874 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aITI1QxjxSVdKPpmiUKljwAAAAc"]
[Sat Jul 26 14:23:49.420225 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aITI1QxjxSVdKPpmiUKljwAAAAc"]
[Sat Jul 26 14:23:49.420507 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aITI1QxjxSVdKPpmiUKljwAAAAc"]
[Sat Jul 26 14:23:49.450785 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkAAAAAc"]
[Sat Jul 26 14:23:49.451043 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkAAAAAc"]
[Sat Jul 26 14:23:49.451249 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkAAAAAc"]
[Sat Jul 26 14:23:49.480137 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkQAAAAc"]
[Sat Jul 26 14:23:49.480371 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkQAAAAc"]
[Sat Jul 26 14:23:49.480586 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkQAAAAc"]
[Sat Jul 26 14:23:49.509447 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkgAAAAc"]
[Sat Jul 26 14:23:49.509693 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkgAAAAc"]
[Sat Jul 26 14:23:49.509896 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlkgAAAAc"]
[Sat Jul 26 14:23:49.569558 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKllAAAAAc"]
[Sat Jul 26 14:23:49.569800 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKllAAAAAc"]
[Sat Jul 26 14:23:49.569992 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aITI1QxjxSVdKPpmiUKllAAAAAc"]
[Sat Jul 26 14:23:49.598888 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKllQAAAAc"]
[Sat Jul 26 14:23:49.599131 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKllQAAAAc"]
[Sat Jul 26 14:23:49.599324 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aITI1QxjxSVdKPpmiUKllQAAAAc"]
[Sat Jul 26 14:23:49.688039 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmAAAAAc"]
[Sat Jul 26 14:23:49.688272 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmAAAAAc"]
[Sat Jul 26 14:23:49.688464 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmAAAAAc"]
[Sat Jul 26 14:23:49.717497 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmQAAAAc"]
[Sat Jul 26 14:23:49.717733 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmQAAAAc"]
[Sat Jul 26 14:23:49.717925 2025] [:error] [pid 1469823] [client 185.177.72.115:59556] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aITI1QxjxSVdKPpmiUKlmQAAAAc"]
[Sat Jul 26 14:40:49.479905 2025] [:error] [pid 1466107] [client 18.191.103.182:41328] [client 18.191.103.182] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aITM0eWwZyhSDhmHhJ_1QAAAAAI"]
[Sat Jul 26 14:40:49.480173 2025] [:error] [pid 1466107] [client 18.191.103.182:41328] [client 18.191.103.182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aITM0eWwZyhSDhmHhJ_1QAAAAAI"]
[Sat Jul 26 14:40:49.480339 2025] [:error] [pid 1466107] [client 18.191.103.182:41328] [client 18.191.103.182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aITM0eWwZyhSDhmHhJ_1QAAAAAI"]
[Sun Jul 27 02:16:08.752467 2025] [:error] [pid 1486777] [client 3.218.145.0:52166] [client 3.218.145.0] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIVvyHtwiTQzdpq2oQD1tQAAAAQ"]
[Sun Jul 27 02:16:08.752764 2025] [:error] [pid 1486777] [client 3.218.145.0:52166] [client 3.218.145.0] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIVvyHtwiTQzdpq2oQD1tQAAAAQ"]
[Sun Jul 27 02:16:08.752930 2025] [:error] [pid 1486777] [client 3.218.145.0:52166] [client 3.218.145.0] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIVvyHtwiTQzdpq2oQD1tQAAAAQ"]
[Sun Jul 27 18:22:53.668926 2025] [:error] [pid 1495876] [client 93.123.109.7:47158] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIZSXeWBJAKUjtGl5KHjcQAAABY"]
[Sun Jul 27 18:22:53.669209 2025] [:error] [pid 1495876] [client 93.123.109.7:47158] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIZSXeWBJAKUjtGl5KHjcQAAABY"]
[Sun Jul 27 18:22:53.669387 2025] [:error] [pid 1495876] [client 93.123.109.7:47158] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIZSXeWBJAKUjtGl5KHjcQAAABY"]
[Sun Jul 27 23:36:20.527665 2025] [:error] [pid 1495876] [client 185.177.72.24:55514] [client 185.177.72.24] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIab1OWBJAKUjtGl5KHjjwAAABY"]
[Sun Jul 27 23:36:20.527989 2025] [:error] [pid 1495876] [client 185.177.72.24:55514] [client 185.177.72.24] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIab1OWBJAKUjtGl5KHjjwAAABY"]
[Sun Jul 27 23:36:20.528157 2025] [:error] [pid 1495876] [client 185.177.72.24:55514] [client 185.177.72.24] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIab1OWBJAKUjtGl5KHjjwAAABY"]
[Mon Jul 28 12:12:34.570846 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5sAAAAAY"]
[Mon Jul 28 12:12:34.571131 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5sAAAAAY"]
[Mon Jul 28 12:12:34.571302 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5sAAAAAY"]
[Mon Jul 28 12:12:34.591484 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIdNElZrvY5pTGkMO5x5sQAAAAY"]
[Mon Jul 28 12:12:34.591724 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIdNElZrvY5pTGkMO5x5sQAAAAY"]
[Mon Jul 28 12:12:34.591905 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIdNElZrvY5pTGkMO5x5sQAAAAY"]
[Mon Jul 28 12:12:34.612208 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIdNElZrvY5pTGkMO5x5sgAAAAY"]
[Mon Jul 28 12:12:34.612449 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIdNElZrvY5pTGkMO5x5sgAAAAY"]
[Mon Jul 28 12:12:34.612628 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIdNElZrvY5pTGkMO5x5sgAAAAY"]
[Mon Jul 28 12:12:34.632739 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIdNElZrvY5pTGkMO5x5swAAAAY"]
[Mon Jul 28 12:12:34.632989 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIdNElZrvY5pTGkMO5x5swAAAAY"]
[Mon Jul 28 12:12:34.633203 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIdNElZrvY5pTGkMO5x5swAAAAY"]
[Mon Jul 28 12:12:34.655194 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIdNElZrvY5pTGkMO5x5tAAAAAY"]
[Mon Jul 28 12:12:34.655447 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIdNElZrvY5pTGkMO5x5tAAAAAY"]
[Mon Jul 28 12:12:34.655644 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIdNElZrvY5pTGkMO5x5tAAAAAY"]
[Mon Jul 28 12:12:34.675763 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIdNElZrvY5pTGkMO5x5tQAAAAY"]
[Mon Jul 28 12:12:34.676096 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIdNElZrvY5pTGkMO5x5tQAAAAY"]
[Mon Jul 28 12:12:34.676312 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIdNElZrvY5pTGkMO5x5tQAAAAY"]
[Mon Jul 28 12:12:34.696754 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIdNElZrvY5pTGkMO5x5tgAAAAY"]
[Mon Jul 28 12:12:34.697051 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIdNElZrvY5pTGkMO5x5tgAAAAY"]
[Mon Jul 28 12:12:34.697361 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIdNElZrvY5pTGkMO5x5tgAAAAY"]
[Mon Jul 28 12:12:34.717388 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIdNElZrvY5pTGkMO5x5twAAAAY"]
[Mon Jul 28 12:12:34.717621 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIdNElZrvY5pTGkMO5x5twAAAAY"]
[Mon Jul 28 12:12:34.717797 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIdNElZrvY5pTGkMO5x5twAAAAY"]
[Mon Jul 28 12:12:34.737994 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIdNElZrvY5pTGkMO5x5uAAAAAY"]
[Mon Jul 28 12:12:34.738324 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIdNElZrvY5pTGkMO5x5uAAAAAY"]
[Mon Jul 28 12:12:34.738607 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIdNElZrvY5pTGkMO5x5uAAAAAY"]
[Mon Jul 28 12:12:34.759747 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIdNElZrvY5pTGkMO5x5uQAAAAY"]
[Mon Jul 28 12:12:34.759911 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIdNElZrvY5pTGkMO5x5uQAAAAY"]
[Mon Jul 28 12:12:34.760134 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIdNElZrvY5pTGkMO5x5uQAAAAY"]
[Mon Jul 28 12:12:34.760311 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIdNElZrvY5pTGkMO5x5uQAAAAY"]
[Mon Jul 28 12:12:34.780285 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIdNElZrvY5pTGkMO5x5ugAAAAY"]
[Mon Jul 28 12:12:34.780466 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIdNElZrvY5pTGkMO5x5ugAAAAY"]
[Mon Jul 28 12:12:34.780683 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIdNElZrvY5pTGkMO5x5ugAAAAY"]
[Mon Jul 28 12:12:34.780884 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIdNElZrvY5pTGkMO5x5ugAAAAY"]
[Mon Jul 28 12:12:34.801068 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5uwAAAAY"]
[Mon Jul 28 12:12:34.801375 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5uwAAAAY"]
[Mon Jul 28 12:12:34.801574 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5uwAAAAY"]
[Mon Jul 28 12:12:34.843211 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vQAAAAY"]
[Mon Jul 28 12:12:34.843443 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vQAAAAY"]
[Mon Jul 28 12:12:34.843613 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vQAAAAY"]
[Mon Jul 28 12:12:34.863695 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vgAAAAY"]
[Mon Jul 28 12:12:34.863914 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vgAAAAY"]
[Mon Jul 28 12:12:34.864076 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vgAAAAY"]
[Mon Jul 28 12:12:34.884100 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vwAAAAY"]
[Mon Jul 28 12:12:34.884311 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vwAAAAY"]
[Mon Jul 28 12:12:34.884478 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5vwAAAAY"]
[Mon Jul 28 12:12:34.904518 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wAAAAAY"]
[Mon Jul 28 12:12:34.904716 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wAAAAAY"]
[Mon Jul 28 12:12:34.904884 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wAAAAAY"]
[Mon Jul 28 12:12:34.924961 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wQAAAAY"]
[Mon Jul 28 12:12:34.925157 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wQAAAAY"]
[Mon Jul 28 12:12:34.925314 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wQAAAAY"]
[Mon Jul 28 12:12:34.945187 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wgAAAAY"]
[Mon Jul 28 12:12:34.945373 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wgAAAAY"]
[Mon Jul 28 12:12:34.945524 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIdNElZrvY5pTGkMO5x5wgAAAAY"]
[Mon Jul 28 12:12:34.986534 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIdNElZrvY5pTGkMO5x5xAAAAAY"]
[Mon Jul 28 12:12:34.986750 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIdNElZrvY5pTGkMO5x5xAAAAAY"]
[Mon Jul 28 12:12:34.986916 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIdNElZrvY5pTGkMO5x5xAAAAAY"]
[Mon Jul 28 12:12:35.006967 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x5xQAAAAY"]
[Mon Jul 28 12:12:35.007171 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x5xQAAAAY"]
[Mon Jul 28 12:12:35.007363 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x5xQAAAAY"]
[Mon Jul 28 12:12:35.337559 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x51AAAAAY"]
[Mon Jul 28 12:12:35.337776 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x51AAAAAY"]
[Mon Jul 28 12:12:35.337955 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIdNE1ZrvY5pTGkMO5x51AAAAAY"]
[Mon Jul 28 12:12:35.357997 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIdNE1ZrvY5pTGkMO5x51QAAAAY"]
[Mon Jul 28 12:12:35.358208 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIdNE1ZrvY5pTGkMO5x51QAAAAY"]
[Mon Jul 28 12:12:35.358413 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIdNE1ZrvY5pTGkMO5x51QAAAAY"]
[Mon Jul 28 12:12:35.378353 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIdNE1ZrvY5pTGkMO5x51gAAAAY"]
[Mon Jul 28 12:12:35.378584 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIdNE1ZrvY5pTGkMO5x51gAAAAY"]
[Mon Jul 28 12:12:35.378757 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIdNE1ZrvY5pTGkMO5x51gAAAAY"]
[Mon Jul 28 12:12:35.420112 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/workspace.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aIdNE1ZrvY5pTGkMO5x52AAAAAY"]
[Mon Jul 28 12:12:35.420335 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aIdNE1ZrvY5pTGkMO5x52AAAAAY"]
[Mon Jul 28 12:12:35.420525 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/workspace.xml"] [unique_id "aIdNE1ZrvY5pTGkMO5x52AAAAAY"]
[Mon Jul 28 12:12:35.666328 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52gAAAAY"]
[Mon Jul 28 12:12:35.666738 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52gAAAAY"]
[Mon Jul 28 12:12:35.666946 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52gAAAAY"]
[Mon Jul 28 12:12:35.687182 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52wAAAAY"]
[Mon Jul 28 12:12:35.687541 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52wAAAAY"]
[Mon Jul 28 12:12:35.687739 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x52wAAAAY"]
[Mon Jul 28 12:12:35.707798 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53AAAAAY"]
[Mon Jul 28 12:12:35.708146 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53AAAAAY"]
[Mon Jul 28 12:12:35.708340 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53AAAAAY"]
[Mon Jul 28 12:12:35.728367 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53QAAAAY"]
[Mon Jul 28 12:12:35.728713 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53QAAAAY"]
[Mon Jul 28 12:12:35.728904 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53QAAAAY"]
[Mon Jul 28 12:12:35.748968 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53gAAAAY"]
[Mon Jul 28 12:12:35.749306 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53gAAAAY"]
[Mon Jul 28 12:12:35.749506 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53gAAAAY"]
[Mon Jul 28 12:12:35.770865 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53wAAAAY"]
[Mon Jul 28 12:12:35.771213 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53wAAAAY"]
[Mon Jul 28 12:12:35.771407 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIdNE1ZrvY5pTGkMO5x53wAAAAY"]
[Mon Jul 28 12:12:35.791557 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIdNE1ZrvY5pTGkMO5x54AAAAAY"]
[Mon Jul 28 12:12:35.791780 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIdNE1ZrvY5pTGkMO5x54AAAAAY"]
[Mon Jul 28 12:12:35.791963 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIdNE1ZrvY5pTGkMO5x54AAAAAY"]
[Mon Jul 28 12:12:35.835470 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aIdNE1ZrvY5pTGkMO5x54gAAAAY"]
[Mon Jul 28 12:12:35.835769 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aIdNE1ZrvY5pTGkMO5x54gAAAAY"]
[Mon Jul 28 12:12:35.835937 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup"] [unique_id "aIdNE1ZrvY5pTGkMO5x54gAAAAY"]
[Mon Jul 28 12:12:35.857646 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x54wAAAAY"]
[Mon Jul 28 12:12:35.857951 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x54wAAAAY"]
[Mon Jul 28 12:12:35.858124 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x54wAAAAY"]
[Mon Jul 28 12:12:35.878532 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55AAAAAY"]
[Mon Jul 28 12:12:35.878859 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55AAAAAY"]
[Mon Jul 28 12:12:35.879058 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55AAAAAY"]
[Mon Jul 28 12:12:35.899368 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55QAAAAY"]
[Mon Jul 28 12:12:35.899710 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55QAAAAY"]
[Mon Jul 28 12:12:35.899915 2025] [:error] [pid 1516225] [client 185.177.72.12:41570] [client 185.177.72.12] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIdNE1ZrvY5pTGkMO5x55QAAAAY"]
[Mon Jul 28 20:45:54.109205 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwudygAAAAk"]
[Mon Jul 28 20:45:54.109535 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwudygAAAAk"]
[Mon Jul 28 20:45:54.109691 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwudygAAAAk"]
[Mon Jul 28 20:45:54.590646 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIfFYl4f-9g1kJksHwud3wAAAAk"]
[Mon Jul 28 20:45:54.590868 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIfFYl4f-9g1kJksHwud3wAAAAk"]
[Mon Jul 28 20:45:54.591041 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aIfFYl4f-9g1kJksHwud3wAAAAk"]
[Mon Jul 28 20:45:54.658984 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwud4gAAAAk"]
[Mon Jul 28 20:45:54.659393 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwud4gAAAAk"]
[Mon Jul 28 20:45:54.659624 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aIfFYl4f-9g1kJksHwud4gAAAAk"]
[Mon Jul 28 20:45:54.741788 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIfFYl4f-9g1kJksHwud5QAAAAk"]
[Mon Jul 28 20:45:54.741971 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIfFYl4f-9g1kJksHwud5QAAAAk"]
[Mon Jul 28 20:45:54.742230 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIfFYl4f-9g1kJksHwud5QAAAAk"]
[Mon Jul 28 20:45:54.742435 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aIfFYl4f-9g1kJksHwud5QAAAAk"]
[Mon Jul 28 20:45:54.764403 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIfFYl4f-9g1kJksHwud5gAAAAk"]
[Mon Jul 28 20:45:54.764657 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIfFYl4f-9g1kJksHwud5gAAAAk"]
[Mon Jul 28 20:45:54.764830 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aIfFYl4f-9g1kJksHwud5gAAAAk"]
[Mon Jul 28 20:45:54.786796 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aIfFYl4f-9g1kJksHwud5wAAAAk"]
[Mon Jul 28 20:45:54.786950 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aIfFYl4f-9g1kJksHwud5wAAAAk"]
[Mon Jul 28 20:45:54.787177 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aIfFYl4f-9g1kJksHwud5wAAAAk"]
[Mon Jul 28 20:45:54.787375 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aIfFYl4f-9g1kJksHwud5wAAAAk"]
[Mon Jul 28 20:45:54.809392 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIfFYl4f-9g1kJksHwud6AAAAAk"]
[Mon Jul 28 20:45:54.809625 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIfFYl4f-9g1kJksHwud6AAAAAk"]
[Mon Jul 28 20:45:54.809802 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aIfFYl4f-9g1kJksHwud6AAAAAk"]
[Mon Jul 28 20:45:54.831855 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIfFYl4f-9g1kJksHwud6QAAAAk"]
[Mon Jul 28 20:45:54.831999 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIfFYl4f-9g1kJksHwud6QAAAAk"]
[Mon Jul 28 20:45:54.832249 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIfFYl4f-9g1kJksHwud6QAAAAk"]
[Mon Jul 28 20:45:54.832425 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aIfFYl4f-9g1kJksHwud6QAAAAk"]
[Mon Jul 28 20:45:54.854502 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "aIfFYl4f-9g1kJksHwud6gAAAAk"]
[Mon Jul 28 20:45:54.854734 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "aIfFYl4f-9g1kJksHwud6gAAAAk"]
[Mon Jul 28 20:45:54.854902 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.www"] [unique_id "aIfFYl4f-9g1kJksHwud6gAAAAk"]
[Mon Jul 28 20:45:54.877543 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aIfFYl4f-9g1kJksHwud6wAAAAk"]
[Mon Jul 28 20:45:54.877838 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aIfFYl4f-9g1kJksHwud6wAAAAk"]
[Mon Jul 28 20:45:54.878010 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/.env"] [unique_id "aIfFYl4f-9g1kJksHwud6wAAAAk"]
[Mon Jul 28 20:45:54.899971 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIfFYl4f-9g1kJksHwud7AAAAAk"]
[Mon Jul 28 20:45:54.900191 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIfFYl4f-9g1kJksHwud7AAAAAk"]
[Mon Jul 28 20:45:54.900379 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aIfFYl4f-9g1kJksHwud7AAAAAk"]
[Mon Jul 28 20:45:54.922373 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIfFYl4f-9g1kJksHwud7QAAAAk"]
[Mon Jul 28 20:45:54.922600 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIfFYl4f-9g1kJksHwud7QAAAAk"]
[Mon Jul 28 20:45:54.922777 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aIfFYl4f-9g1kJksHwud7QAAAAk"]
[Mon Jul 28 20:45:54.944816 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "aIfFYl4f-9g1kJksHwud7gAAAAk"]
[Mon Jul 28 20:45:54.945070 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "aIfFYl4f-9g1kJksHwud7gAAAAk"]
[Mon Jul 28 20:45:54.945241 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_1"] [unique_id "aIfFYl4f-9g1kJksHwud7gAAAAk"]
[Mon Jul 28 20:45:54.967577 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIfFYl4f-9g1kJksHwud7wAAAAk"]
[Mon Jul 28 20:45:54.967806 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIfFYl4f-9g1kJksHwud7wAAAAk"]
[Mon Jul 28 20:45:54.967983 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aIfFYl4f-9g1kJksHwud7wAAAAk"]
[Mon Jul 28 20:45:55.036744 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.environment"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aIfFY14f-9g1kJksHwud8gAAAAk"]
[Mon Jul 28 20:45:55.037076 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aIfFY14f-9g1kJksHwud8gAAAAk"]
[Mon Jul 28 20:45:55.037270 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.environment"] [unique_id "aIfFY14f-9g1kJksHwud8gAAAAk"]
[Mon Jul 28 20:45:55.059297 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIfFY14f-9g1kJksHwud8wAAAAk"]
[Mon Jul 28 20:45:55.059529 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIfFY14f-9g1kJksHwud8wAAAAk"]
[Mon Jul 28 20:45:55.059712 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aIfFY14f-9g1kJksHwud8wAAAAk"]
[Mon Jul 28 20:45:55.081914 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIfFY14f-9g1kJksHwud9AAAAAk"]
[Mon Jul 28 20:45:55.082157 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIfFY14f-9g1kJksHwud9AAAAAk"]
[Mon Jul 28 20:45:55.082364 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aIfFY14f-9g1kJksHwud9AAAAAk"]
[Mon Jul 28 20:45:55.174023 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aIfFY14f-9g1kJksHwud-AAAAAk"]
[Mon Jul 28 20:45:55.174258 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aIfFY14f-9g1kJksHwud-AAAAAk"]
[Mon Jul 28 20:45:55.174455 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs"] [unique_id "aIfFY14f-9g1kJksHwud-AAAAAk"]
[Mon Jul 28 20:45:55.197007 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aIfFY14f-9g1kJksHwud-QAAAAk"]
[Mon Jul 28 20:45:55.197249 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aIfFY14f-9g1kJksHwud-QAAAAk"]
[Mon Jul 28 20:45:55.197447 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker"] [unique_id "aIfFY14f-9g1kJksHwud-QAAAAk"]
[Mon Jul 28 20:45:55.219617 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIfFY14f-9g1kJksHwud-gAAAAk"]
[Mon Jul 28 20:45:55.219877 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIfFY14f-9g1kJksHwud-gAAAAk"]
[Mon Jul 28 20:45:55.220163 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aIfFY14f-9g1kJksHwud-gAAAAk"]
[Mon Jul 28 20:45:55.242131 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aIfFY14f-9g1kJksHwud-wAAAAk"]
[Mon Jul 28 20:45:55.242429 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aIfFY14f-9g1kJksHwud-wAAAAk"]
[Mon Jul 28 20:45:55.242689 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_bak"] [unique_id "aIfFY14f-9g1kJksHwud-wAAAAk"]
[Mon Jul 28 20:45:55.264620 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aIfFY14f-9g1kJksHwud_AAAAAk"]
[Mon Jul 28 20:45:55.264839 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aIfFY14f-9g1kJksHwud_AAAAAk"]
[Mon Jul 28 20:45:55.265015 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.php"] [unique_id "aIfFY14f-9g1kJksHwud_AAAAAk"]
[Mon Jul 28 20:45:55.287038 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aIfFY14f-9g1kJksHwud_QAAAAk"]
[Mon Jul 28 20:45:55.287271 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aIfFY14f-9g1kJksHwud_QAAAAk"]
[Mon Jul 28 20:45:55.287435 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aIfFY14f-9g1kJksHwud_QAAAAk"]
[Mon Jul 28 20:45:55.310236 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aIfFY14f-9g1kJksHwud_gAAAAk"]
[Mon Jul 28 20:45:55.311425 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aIfFY14f-9g1kJksHwud_gAAAAk"]
[Mon Jul 28 20:45:55.311631 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-example"] [unique_id "aIfFY14f-9g1kJksHwud_gAAAAk"]
[Mon Jul 28 20:45:55.333693 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIfFY14f-9g1kJksHwud_wAAAAk"]
[Mon Jul 28 20:45:55.333920 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIfFY14f-9g1kJksHwud_wAAAAk"]
[Mon Jul 28 20:45:55.334110 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aIfFY14f-9g1kJksHwud_wAAAAk"]
[Mon Jul 28 20:45:55.356132 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aIfFY14f-9g1kJksHwueAAAAAAk"]
[Mon Jul 28 20:45:55.356350 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aIfFY14f-9g1kJksHwueAAAAAAk"]
[Mon Jul 28 20:45:55.356515 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.docker.dev"] [unique_id "aIfFY14f-9g1kJksHwueAAAAAAk"]
[Mon Jul 28 20:45:55.378696 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIfFY14f-9g1kJksHwueAQAAAAk"]
[Mon Jul 28 20:45:55.378922 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIfFY14f-9g1kJksHwueAQAAAAk"]
[Mon Jul 28 20:45:55.379094 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aIfFY14f-9g1kJksHwueAQAAAAk"]
[Mon Jul 28 20:45:55.607544 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aIfFY14f-9g1kJksHwueCwAAAAk"]
[Mon Jul 28 20:45:55.607750 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aIfFY14f-9g1kJksHwueCwAAAAk"]
[Mon Jul 28 20:45:55.607908 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aIfFY14f-9g1kJksHwueCwAAAAk"]
[Mon Jul 28 20:45:55.652515 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_old"] [unique_id "aIfFY14f-9g1kJksHwueDQAAAAk"]
[Mon Jul 28 20:45:55.652706 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_old"] [unique_id "aIfFY14f-9g1kJksHwueDQAAAAk"]
[Mon Jul 28 20:45:55.652859 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_old"] [unique_id "aIfFY14f-9g1kJksHwueDQAAAAk"]
[Mon Jul 28 20:45:55.698309 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aIfFY14f-9g1kJksHwueDwAAAAk"]
[Mon Jul 28 20:45:55.698552 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aIfFY14f-9g1kJksHwueDwAAAAk"]
[Mon Jul 28 20:45:55.698743 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.sample"] [unique_id "aIfFY14f-9g1kJksHwueDwAAAAk"]
[Mon Jul 28 20:45:55.744045 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aIfFY14f-9g1kJksHwueEQAAAAk"]
[Mon Jul 28 20:45:55.744280 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aIfFY14f-9g1kJksHwueEQAAAAk"]
[Mon Jul 28 20:45:55.744480 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-sample"] [unique_id "aIfFY14f-9g1kJksHwueEQAAAAk"]
[Mon Jul 28 20:45:55.766416 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aIfFY14f-9g1kJksHwueEgAAAAk"]
[Mon Jul 28 20:45:55.766624 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aIfFY14f-9g1kJksHwueEgAAAAk"]
[Mon Jul 28 20:45:55.766783 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aIfFY14f-9g1kJksHwueEgAAAAk"]
[Mon Jul 28 20:45:55.788805 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.travis"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aIfFY14f-9g1kJksHwueEwAAAAk"]
[Mon Jul 28 20:45:55.789019 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aIfFY14f-9g1kJksHwueEwAAAAk"]
[Mon Jul 28 20:45:55.789201 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.travis"] [unique_id "aIfFY14f-9g1kJksHwueEwAAAAk"]
[Mon Jul 28 20:45:55.811307 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.sample"] [unique_id "aIfFY14f-9g1kJksHwueFAAAAAk"]
[Mon Jul 28 20:45:55.811512 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.sample"] [unique_id "aIfFY14f-9g1kJksHwueFAAAAAk"]
[Mon Jul 28 20:45:55.811675 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.sample"] [unique_id "aIfFY14f-9g1kJksHwueFAAAAAk"]
[Mon Jul 28 20:45:55.833625 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aIfFY14f-9g1kJksHwueFQAAAAk"]
[Mon Jul 28 20:45:55.833832 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aIfFY14f-9g1kJksHwueFQAAAAk"]
[Mon Jul 28 20:45:55.834042 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aIfFY14f-9g1kJksHwueFQAAAAk"]
[Mon Jul 28 20:45:55.856134 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIfFY14f-9g1kJksHwueFgAAAAk"]
[Mon Jul 28 20:45:55.856329 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIfFY14f-9g1kJksHwueFgAAAAk"]
[Mon Jul 28 20:45:55.856502 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aIfFY14f-9g1kJksHwueFgAAAAk"]
[Mon Jul 28 20:45:55.878379 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIfFY14f-9g1kJksHwueFwAAAAk"]
[Mon Jul 28 20:45:55.878570 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIfFY14f-9g1kJksHwueFwAAAAk"]
[Mon Jul 28 20:45:55.878732 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aIfFY14f-9g1kJksHwueFwAAAAk"]
[Mon Jul 28 20:45:55.900659 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aIfFY14f-9g1kJksHwueGAAAAAk"]
[Mon Jul 28 20:45:55.900853 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aIfFY14f-9g1kJksHwueGAAAAAk"]
[Mon Jul 28 20:45:55.901007 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt"] [unique_id "aIfFY14f-9g1kJksHwueGAAAAAk"]
[Mon Jul 28 20:45:55.924287 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aIfFY14f-9g1kJksHwueGQAAAAk"]
[Mon Jul 28 20:45:55.924499 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aIfFY14f-9g1kJksHwueGQAAAAk"]
[Mon Jul 28 20:45:55.924681 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aIfFY14f-9g1kJksHwueGQAAAAk"]
[Mon Jul 28 20:45:55.992794 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aIfFY14f-9g1kJksHwueHAAAAAk"]
[Mon Jul 28 20:45:55.993022 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aIfFY14f-9g1kJksHwueHAAAAAk"]
[Mon Jul 28 20:45:55.993210 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test.local"] [unique_id "aIfFY14f-9g1kJksHwueHAAAAAk"]
[Mon Jul 28 20:45:56.038941 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aIfFZF4f-9g1kJksHwueHgAAAAk"]
[Mon Jul 28 20:45:56.039166 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aIfFZF4f-9g1kJksHwueHgAAAAk"]
[Mon Jul 28 20:45:56.039377 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envrc"] [unique_id "aIfFZF4f-9g1kJksHwueHgAAAAk"]
[Mon Jul 28 20:45:56.061377 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aIfFZF4f-9g1kJksHwueHwAAAAk"]
[Mon Jul 28 20:45:56.061615 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aIfFZF4f-9g1kJksHwueHwAAAAk"]
[Mon Jul 28 20:45:56.061782 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aIfFZF4f-9g1kJksHwueHwAAAAk"]
[Mon Jul 28 20:45:56.083644 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aIfFZF4f-9g1kJksHwueIAAAAAk"]
[Mon Jul 28 20:45:56.083855 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aIfFZF4f-9g1kJksHwueIAAAAAk"]
[Mon Jul 28 20:45:56.084022 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample.php"] [unique_id "aIfFZF4f-9g1kJksHwueIAAAAAk"]
[Mon Jul 28 20:45:56.106028 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aIfFZF4f-9g1kJksHwueIQAAAAk"]
[Mon Jul 28 20:45:56.106230 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aIfFZF4f-9g1kJksHwueIQAAAAk"]
[Mon Jul 28 20:45:56.106421 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aIfFZF4f-9g1kJksHwueIQAAAAk"]
[Mon Jul 28 20:45:56.196912 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.bak"] [unique_id "aIfFZF4f-9g1kJksHwueJQAAAAk"]
[Mon Jul 28 20:45:56.197231 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.bak"] [unique_id "aIfFZF4f-9g1kJksHwueJQAAAAk"]
[Mon Jul 28 20:45:56.197409 2025] [:error] [pid 1534267] [client 185.177.72.201:35948] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.bak"] [unique_id "aIfFZF4f-9g1kJksHwueJQAAAAk"]
[Mon Jul 28 20:45:56.468315 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNHwAAAAQ"]
[Mon Jul 28 20:45:56.468563 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNHwAAAAQ"]
[Mon Jul 28 20:45:56.468736 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNHwAAAAQ"]
[Mon Jul 28 20:45:56.491015 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIAAAAAQ"]
[Mon Jul 28 20:45:56.491245 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIAAAAAQ"]
[Mon Jul 28 20:45:56.491409 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIAAAAAQ"]
[Mon Jul 28 20:45:56.513688 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIQAAAAQ"]
[Mon Jul 28 20:45:56.513912 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIQAAAAQ"]
[Mon Jul 28 20:45:56.514091 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIQAAAAQ"]
[Mon Jul 28 20:45:56.535814 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIgAAAAQ"]
[Mon Jul 28 20:45:56.536043 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIgAAAAQ"]
[Mon Jul 28 20:45:56.536216 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIgAAAAQ"]
[Mon Jul 28 20:45:56.572826 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIwAAAAQ"]
[Mon Jul 28 20:45:56.573107 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIwAAAAQ"]
[Mon Jul 28 20:45:56.573354 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNIwAAAAQ"]
[Mon Jul 28 20:45:56.595066 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJAAAAAQ"]
[Mon Jul 28 20:45:56.595284 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJAAAAAQ"]
[Mon Jul 28 20:45:56.595456 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJAAAAAQ"]
[Mon Jul 28 20:45:56.617145 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJQAAAAQ"]
[Mon Jul 28 20:45:56.617349 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJQAAAAQ"]
[Mon Jul 28 20:45:56.617506 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJQAAAAQ"]
[Mon Jul 28 20:45:56.639091 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJgAAAAQ"]
[Mon Jul 28 20:45:56.639283 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJgAAAAQ"]
[Mon Jul 28 20:45:56.639431 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJgAAAAQ"]
[Mon Jul 28 20:45:56.661007 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJwAAAAQ"]
[Mon Jul 28 20:45:56.661191 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJwAAAAQ"]
[Mon Jul 28 20:45:56.661363 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNJwAAAAQ"]
[Mon Jul 28 20:45:56.683072 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKAAAAAQ"]
[Mon Jul 28 20:45:56.683277 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKAAAAAQ"]
[Mon Jul 28 20:45:56.683486 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKAAAAAQ"]
[Mon Jul 28 20:45:56.705124 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKQAAAAQ"]
[Mon Jul 28 20:45:56.705335 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKQAAAAQ"]
[Mon Jul 28 20:45:56.705498 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKQAAAAQ"]
[Mon Jul 28 20:45:56.727254 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKgAAAAQ"]
[Mon Jul 28 20:45:56.727451 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKgAAAAQ"]
[Mon Jul 28 20:45:56.727609 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aIfFZOXeAg5fi4n6U5fNKgAAAAQ"]
[Mon Jul 28 20:45:56.749290 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIfFZOXeAg5fi4n6U5fNKwAAAAQ"]
[Mon Jul 28 20:45:56.749474 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIfFZOXeAg5fi4n6U5fNKwAAAAQ"]
[Mon Jul 28 20:45:56.749624 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aIfFZOXeAg5fi4n6U5fNKwAAAAQ"]
[Mon Jul 28 20:45:56.771238 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aIfFZOXeAg5fi4n6U5fNLAAAAAQ"]
[Mon Jul 28 20:45:56.771425 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aIfFZOXeAg5fi4n6U5fNLAAAAAQ"]
[Mon Jul 28 20:45:56.771573 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aIfFZOXeAg5fi4n6U5fNLAAAAAQ"]
[Mon Jul 28 20:45:56.793228 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aIfFZOXeAg5fi4n6U5fNLQAAAAQ"]
[Mon Jul 28 20:45:56.793431 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aIfFZOXeAg5fi4n6U5fNLQAAAAQ"]
[Mon Jul 28 20:45:56.793583 2025] [:error] [pid 1533990] [client 185.177.72.201:35958] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aIfFZOXeAg5fi4n6U5fNLQAAAAQ"]
[Mon Jul 28 20:45:57.131829 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aIfFZQLZGLzAXRzMJrelPgAAAAg"]
[Mon Jul 28 20:45:57.132067 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aIfFZQLZGLzAXRzMJrelPgAAAAg"]
[Mon Jul 28 20:45:57.132234 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aIfFZQLZGLzAXRzMJrelPgAAAAg"]
[Mon Jul 28 20:45:57.192843 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIfFZQLZGLzAXRzMJrelQAAAAAg"]
[Mon Jul 28 20:45:57.193084 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIfFZQLZGLzAXRzMJrelQAAAAAg"]
[Mon Jul 28 20:45:57.193317 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aIfFZQLZGLzAXRzMJrelQAAAAAg"]
[Mon Jul 28 20:45:57.401397 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSgAAAAg"]
[Mon Jul 28 20:45:57.401658 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSgAAAAg"]
[Mon Jul 28 20:45:57.401826 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSgAAAAg"]
[Mon Jul 28 20:45:57.421836 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSwAAAAg"]
[Mon Jul 28 20:45:57.422001 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSwAAAAg"]
[Mon Jul 28 20:45:57.422142 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelSwAAAAg"]
[Mon Jul 28 20:45:57.442154 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTAAAAAg"]
[Mon Jul 28 20:45:57.442329 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTAAAAAg"]
[Mon Jul 28 20:45:57.442495 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTAAAAAg"]
[Mon Jul 28 20:45:57.462594 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTQAAAAg"]
[Mon Jul 28 20:45:57.462812 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTQAAAAg"]
[Mon Jul 28 20:45:57.462995 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTQAAAAg"]
[Mon Jul 28 20:45:57.482916 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTgAAAAg"]
[Mon Jul 28 20:45:57.483100 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTgAAAAg"]
[Mon Jul 28 20:45:57.483280 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTgAAAAg"]
[Mon Jul 28 20:45:57.503228 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTwAAAAg"]
[Mon Jul 28 20:45:57.503430 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTwAAAAg"]
[Mon Jul 28 20:45:57.503588 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/production/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelTwAAAAg"]
[Mon Jul 28 20:45:57.523564 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelUAAAAAg"]
[Mon Jul 28 20:45:57.523746 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelUAAAAAg"]
[Mon Jul 28 20:45:57.523909 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelUAAAAAg"]
[Mon Jul 28 20:45:57.713989 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aIfFZQLZGLzAXRzMJrelWQAAAAg"]
[Mon Jul 28 20:45:57.714213 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aIfFZQLZGLzAXRzMJrelWQAAAAg"]
[Mon Jul 28 20:45:57.714411 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aIfFZQLZGLzAXRzMJrelWQAAAAg"]
[Mon Jul 28 20:45:57.755659 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelWwAAAAg"]
[Mon Jul 28 20:45:57.755846 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelWwAAAAg"]
[Mon Jul 28 20:45:57.756003 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelWwAAAAg"]
[Mon Jul 28 20:45:57.775963 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXAAAAAg"]
[Mon Jul 28 20:45:57.776139 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXAAAAAg"]
[Mon Jul 28 20:45:57.776318 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cms/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXAAAAAg"]
[Mon Jul 28 20:45:57.796280 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXQAAAAg"]
[Mon Jul 28 20:45:57.796517 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXQAAAAg"]
[Mon Jul 28 20:45:57.796667 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXQAAAAg"]
[Mon Jul 28 20:45:57.816758 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dashboard/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXgAAAAg"]
[Mon Jul 28 20:45:57.816929 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dashboard/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXgAAAAg"]
[Mon Jul 28 20:45:57.817077 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dashboard/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXgAAAAg"]
[Mon Jul 28 20:45:57.837096 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXwAAAAg"]
[Mon Jul 28 20:45:57.837288 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXwAAAAg"]
[Mon Jul 28 20:45:57.837483 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelXwAAAAg"]
[Mon Jul 28 20:45:57.857512 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYAAAAAg"]
[Mon Jul 28 20:45:57.857712 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYAAAAAg"]
[Mon Jul 28 20:45:57.857921 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYAAAAAg"]
[Mon Jul 28 20:45:57.877871 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYQAAAAg"]
[Mon Jul 28 20:45:57.878062 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYQAAAAg"]
[Mon Jul 28 20:45:57.878227 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYQAAAAg"]
[Mon Jul 28 20:45:57.898473 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deployment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/deployment/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYgAAAAg"]
[Mon Jul 28 20:45:57.898673 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/deployment/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYgAAAAg"]
[Mon Jul 28 20:45:57.898849 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/deployment/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYgAAAAg"]
[Mon Jul 28 20:45:57.918878 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYwAAAAg"]
[Mon Jul 28 20:45:57.919045 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYwAAAAg"]
[Mon Jul 28 20:45:57.919190 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelYwAAAAg"]
[Mon Jul 28 20:45:57.939159 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /helm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/helm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZAAAAAg"]
[Mon Jul 28 20:45:57.939337 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/helm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZAAAAAg"]
[Mon Jul 28 20:45:57.939489 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/helm/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZAAAAAg"]
[Mon Jul 28 20:45:57.959498 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZQAAAAg"]
[Mon Jul 28 20:45:57.959706 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZQAAAAg"]
[Mon Jul 28 20:45:57.959884 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZQAAAAg"]
[Mon Jul 28 20:45:57.979934 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZgAAAAg"]
[Mon Jul 28 20:45:57.980130 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZgAAAAg"]
[Mon Jul 28 20:45:57.980294 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aIfFZQLZGLzAXRzMJrelZgAAAAg"]
[Mon Jul 28 20:45:58.043097 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aIfFZgLZGLzAXRzMJrelaQAAAAg"]
[Mon Jul 28 20:45:58.043367 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aIfFZgLZGLzAXRzMJrelaQAAAAg"]
[Mon Jul 28 20:45:58.043562 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aIfFZgLZGLzAXRzMJrelaQAAAAg"]
[Mon Jul 28 20:45:58.106312 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "aIfFZgLZGLzAXRzMJrelbAAAAAg"]
[Mon Jul 28 20:45:58.106579 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "aIfFZgLZGLzAXRzMJrelbAAAAAg"]
[Mon Jul 28 20:45:58.106813 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_example"] [unique_id "aIfFZgLZGLzAXRzMJrelbAAAAAg"]
[Mon Jul 28 20:45:58.127518 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIfFZgLZGLzAXRzMJrelbQAAAAg"]
[Mon Jul 28 20:45:58.127762 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIfFZgLZGLzAXRzMJrelbQAAAAg"]
[Mon Jul 28 20:45:58.127958 2025] [:error] [pid 1531600] [client 185.177.72.201:35962] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aIfFZgLZGLzAXRzMJrelbQAAAAg"]
[Mon Jul 28 20:45:58.355746 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpfgAAAAI"]
[Mon Jul 28 20:45:58.355991 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpfgAAAAI"]
[Mon Jul 28 20:45:58.356170 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpfgAAAAI"]
[Mon Jul 28 20:45:58.440735 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/settings.ini"] [unique_id "aIfFZjtW59P3rmsxDxVpgQAAAAI"]
[Mon Jul 28 20:45:58.441038 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/settings.ini"] [unique_id "aIfFZjtW59P3rmsxDxVpgQAAAAI"]
[Mon Jul 28 20:45:58.441187 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/settings.ini"] [unique_id "aIfFZjtW59P3rmsxDxVpgQAAAAI"]
[Mon Jul 28 20:45:58.463402 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpggAAAAI"]
[Mon Jul 28 20:45:58.463617 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpggAAAAI"]
[Mon Jul 28 20:45:58.463778 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpggAAAAI"]
[Mon Jul 28 20:45:58.486078 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpgwAAAAI"]
[Mon Jul 28 20:45:58.486293 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpgwAAAAI"]
[Mon Jul 28 20:45:58.486474 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpgwAAAAI"]
[Mon Jul 28 20:45:58.508751 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIfFZjtW59P3rmsxDxVphAAAAAI"]
[Mon Jul 28 20:45:58.508945 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIfFZjtW59P3rmsxDxVphAAAAAI"]
[Mon Jul 28 20:45:58.509098 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aIfFZjtW59P3rmsxDxVphAAAAAI"]
[Mon Jul 28 20:45:58.531270 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIfFZjtW59P3rmsxDxVphQAAAAI"]
[Mon Jul 28 20:45:58.531458 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIfFZjtW59P3rmsxDxVphQAAAAI"]
[Mon Jul 28 20:45:58.531612 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aIfFZjtW59P3rmsxDxVphQAAAAI"]
[Mon Jul 28 20:45:58.553823 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIfFZjtW59P3rmsxDxVphgAAAAI"]
[Mon Jul 28 20:45:58.554026 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIfFZjtW59P3rmsxDxVphgAAAAI"]
[Mon Jul 28 20:45:58.554182 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aIfFZjtW59P3rmsxDxVphgAAAAI"]
[Mon Jul 28 20:45:58.692177 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjAAAAAI"]
[Mon Jul 28 20:45:58.692367 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjAAAAAI"]
[Mon Jul 28 20:45:58.692520 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjAAAAAI"]
[Mon Jul 28 20:45:58.714870 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjQAAAAI"]
[Mon Jul 28 20:45:58.715097 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjQAAAAI"]
[Mon Jul 28 20:45:58.715279 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjQAAAAI"]
[Mon Jul 28 20:45:58.737461 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjgAAAAI"]
[Mon Jul 28 20:45:58.737653 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjgAAAAI"]
[Mon Jul 28 20:45:58.737820 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjgAAAAI"]
[Mon Jul 28 20:45:58.760158 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjwAAAAI"]
[Mon Jul 28 20:45:58.760371 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjwAAAAI"]
[Mon Jul 28 20:45:58.760524 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpjwAAAAI"]
[Mon Jul 28 20:45:58.782747 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpkAAAAAI"]
[Mon Jul 28 20:45:58.782940 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpkAAAAAI"]
[Mon Jul 28 20:45:58.783088 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpkAAAAAI"]
[Mon Jul 28 20:45:58.805105 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIfFZjtW59P3rmsxDxVpkQAAAAI"]
[Mon Jul 28 20:45:58.805399 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIfFZjtW59P3rmsxDxVpkQAAAAI"]
[Mon Jul 28 20:45:58.805553 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env.backup"] [unique_id "aIfFZjtW59P3rmsxDxVpkQAAAAI"]
[Mon Jul 28 20:45:58.920117 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplgAAAAI"]
[Mon Jul 28 20:45:58.920289 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplgAAAAI"]
[Mon Jul 28 20:45:58.920439 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplgAAAAI"]
[Mon Jul 28 20:45:58.942570 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplwAAAAI"]
[Mon Jul 28 20:45:58.942759 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplwAAAAI"]
[Mon Jul 28 20:45:58.942927 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aIfFZjtW59P3rmsxDxVplwAAAAI"]
[Mon Jul 28 20:45:58.965191 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmAAAAAI"]
[Mon Jul 28 20:45:58.965442 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmAAAAAI"]
[Mon Jul 28 20:45:58.965643 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmAAAAAI"]
[Mon Jul 28 20:45:58.989709 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmQAAAAI"]
[Mon Jul 28 20:45:58.989901 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmQAAAAI"]
[Mon Jul 28 20:45:58.990051 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aIfFZjtW59P3rmsxDxVpmQAAAAI"]
[Mon Jul 28 20:45:59.026115 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmgAAAAI"]
[Mon Jul 28 20:45:59.026316 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmgAAAAI"]
[Mon Jul 28 20:45:59.026499 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmgAAAAI"]
[Mon Jul 28 20:45:59.048747 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmwAAAAI"]
[Mon Jul 28 20:45:59.048949 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmwAAAAI"]
[Mon Jul 28 20:45:59.049118 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/laravel/app/.env"] [unique_id "aIfFZztW59P3rmsxDxVpmwAAAAI"]
[Mon Jul 28 20:45:59.071322 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnAAAAAI"]
[Mon Jul 28 20:45:59.071535 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnAAAAAI"]
[Mon Jul 28 20:45:59.071699 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnAAAAAI"]
[Mon Jul 28 20:45:59.094061 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpnQAAAAI"]
[Mon Jul 28 20:45:59.094361 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpnQAAAAI"]
[Mon Jul 28 20:45:59.094548 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpnQAAAAI"]
[Mon Jul 28 20:45:59.116652 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpngAAAAI"]
[Mon Jul 28 20:45:59.116845 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpngAAAAI"]
[Mon Jul 28 20:45:59.116994 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpngAAAAI"]
[Mon Jul 28 20:45:59.139161 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnwAAAAI"]
[Mon Jul 28 20:45:59.139362 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnwAAAAI"]
[Mon Jul 28 20:45:59.139518 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.local"] [unique_id "aIfFZztW59P3rmsxDxVpnwAAAAI"]
[Mon Jul 28 20:45:59.161774 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpoAAAAAI"]
[Mon Jul 28 20:45:59.161970 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpoAAAAAI"]
[Mon Jul 28 20:45:59.162129 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.production"] [unique_id "aIfFZztW59P3rmsxDxVpoAAAAAI"]
[Mon Jul 28 20:45:59.184543 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpoQAAAAI"]
[Mon Jul 28 20:45:59.184733 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpoQAAAAI"]
[Mon Jul 28 20:45:59.184898 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env.staging"] [unique_id "aIfFZztW59P3rmsxDxVpoQAAAAI"]
[Mon Jul 28 20:45:59.207097 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIfFZztW59P3rmsxDxVpogAAAAI"]
[Mon Jul 28 20:45:59.207272 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIfFZztW59P3rmsxDxVpogAAAAI"]
[Mon Jul 28 20:45:59.207427 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aIfFZztW59P3rmsxDxVpogAAAAI"]
[Mon Jul 28 20:45:59.252629 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/app/private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/app/private/.env"] [unique_id "aIfFZztW59P3rmsxDxVppAAAAAI"]
[Mon Jul 28 20:45:59.252806 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/app/private/.env"] [unique_id "aIfFZztW59P3rmsxDxVppAAAAAI"]
[Mon Jul 28 20:45:59.252947 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/app/private/.env"] [unique_id "aIfFZztW59P3rmsxDxVppAAAAAI"]
[Mon Jul 28 20:45:59.275000 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIfFZztW59P3rmsxDxVppQAAAAI"]
[Mon Jul 28 20:45:59.275293 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIfFZztW59P3rmsxDxVppQAAAAI"]
[Mon Jul 28 20:45:59.275463 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aIfFZztW59P3rmsxDxVppQAAAAI"]
[Mon Jul 28 20:45:59.297655 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aIfFZztW59P3rmsxDxVppgAAAAI"]
[Mon Jul 28 20:45:59.297832 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aIfFZztW59P3rmsxDxVppgAAAAI"]
[Mon Jul 28 20:45:59.297976 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aIfFZztW59P3rmsxDxVppgAAAAI"]
[Mon Jul 28 20:45:59.319985 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aIfFZztW59P3rmsxDxVppwAAAAI"]
[Mon Jul 28 20:45:59.320257 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aIfFZztW59P3rmsxDxVppwAAAAI"]
[Mon Jul 28 20:45:59.320404 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aIfFZztW59P3rmsxDxVppwAAAAI"]
[Mon Jul 28 20:45:59.365883 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php5.ini"] [unique_id "aIfFZztW59P3rmsxDxVpqQAAAAI"]
[Mon Jul 28 20:45:59.366191 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php5.ini"] [unique_id "aIfFZztW59P3rmsxDxVpqQAAAAI"]
[Mon Jul 28 20:45:59.366390 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php5.ini"] [unique_id "aIfFZztW59P3rmsxDxVpqQAAAAI"]
[Mon Jul 28 20:45:59.388565 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpqgAAAAI"]
[Mon Jul 28 20:45:59.388862 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpqgAAAAI"]
[Mon Jul 28 20:45:59.389040 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpqgAAAAI"]
[Mon Jul 28 20:45:59.530575 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpsAAAAAI"]
[Mon Jul 28 20:45:59.530715 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpsAAAAAI"]
[Mon Jul 28 20:45:59.530907 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpsAAAAAI"]
[Mon Jul 28 20:45:59.531058 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aIfFZztW59P3rmsxDxVpsAAAAAI"]
[Mon Jul 28 20:45:59.576271 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aIfFZztW59P3rmsxDxVpsgAAAAI"]
[Mon Jul 28 20:45:59.576422 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aIfFZztW59P3rmsxDxVpsgAAAAI"]
[Mon Jul 28 20:45:59.576631 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aIfFZztW59P3rmsxDxVpsgAAAAI"]
[Mon Jul 28 20:45:59.576805 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aIfFZztW59P3rmsxDxVpsgAAAAI"]
[Mon Jul 28 20:45:59.662799 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aIfFZztW59P3rmsxDxVptQAAAAI"]
[Mon Jul 28 20:45:59.663095 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aIfFZztW59P3rmsxDxVptQAAAAI"]
[Mon Jul 28 20:45:59.663248 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aIfFZztW59P3rmsxDxVptQAAAAI"]
[Mon Jul 28 20:45:59.710118 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.bak"] [unique_id "aIfFZztW59P3rmsxDxVptwAAAAI"]
[Mon Jul 28 20:45:59.710266 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.bak"] [unique_id "aIfFZztW59P3rmsxDxVptwAAAAI"]
[Mon Jul 28 20:45:59.710507 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.bak"] [unique_id "aIfFZztW59P3rmsxDxVptwAAAAI"]
[Mon Jul 28 20:45:59.710706 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials.bak"] [unique_id "aIfFZztW59P3rmsxDxVptwAAAAI"]
[Mon Jul 28 20:45:59.733164 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials/admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials/admin/.env"] [unique_id "aIfFZztW59P3rmsxDxVpuAAAAAI"]
[Mon Jul 28 20:45:59.733422 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials/admin/.env"] [unique_id "aIfFZztW59P3rmsxDxVpuAAAAAI"]
[Mon Jul 28 20:45:59.733606 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials/admin/.env"] [unique_id "aIfFZztW59P3rmsxDxVpuAAAAAI"]
[Mon Jul 28 20:45:59.779160 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.bak"] [unique_id "aIfFZztW59P3rmsxDxVpugAAAAI"]
[Mon Jul 28 20:45:59.779503 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bak"] [unique_id "aIfFZztW59P3rmsxDxVpugAAAAI"]
[Mon Jul 28 20:45:59.779697 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bak"] [unique_id "aIfFZztW59P3rmsxDxVpugAAAAI"]
[Mon Jul 28 20:45:59.825330 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.bitbucket/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bitbucket/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvAAAAAI"]
[Mon Jul 28 20:45:59.825537 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bitbucket/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvAAAAAI"]
[Mon Jul 28 20:45:59.825694 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bitbucket/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvAAAAAI"]
[Mon Jul 28 20:45:59.847881 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".boto" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .boto found within REQUEST_FILENAME: /.boto"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aIfFZztW59P3rmsxDxVpvQAAAAI"]
[Mon Jul 28 20:45:59.848073 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aIfFZztW59P3rmsxDxVpvQAAAAI"]
[Mon Jul 28 20:45:59.848224 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aIfFZztW59P3rmsxDxVpvQAAAAI"]
[Mon Jul 28 20:45:59.893664 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.c9/metadata/environment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.c9/metadata/environment/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvwAAAAI"]
[Mon Jul 28 20:45:59.893869 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.c9/metadata/environment/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvwAAAAI"]
[Mon Jul 28 20:45:59.894034 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.c9/metadata/environment/.env"] [unique_id "aIfFZztW59P3rmsxDxVpvwAAAAI"]
[Mon Jul 28 20:45:59.916240 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.circleci/.env"] [unique_id "aIfFZztW59P3rmsxDxVpwAAAAAI"]
[Mon Jul 28 20:45:59.916444 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.circleci/.env"] [unique_id "aIfFZztW59P3rmsxDxVpwAAAAAI"]
[Mon Jul 28 20:45:59.916612 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.circleci/.env"] [unique_id "aIfFZztW59P3rmsxDxVpwAAAAAI"]
[Mon Jul 28 20:45:59.986658 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-db"] [unique_id "aIfFZztW59P3rmsxDxVpwwAAAAI"]
[Mon Jul 28 20:45:59.986906 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-db"] [unique_id "aIfFZztW59P3rmsxDxVpwwAAAAI"]
[Mon Jul 28 20:45:59.987099 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-db"] [unique_id "aIfFZztW59P3rmsxDxVpwwAAAAI"]
[Mon Jul 28 20:46:00.009682 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.back"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aIfFaDtW59P3rmsxDxVpxAAAAAI"]
[Mon Jul 28 20:46:00.009945 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aIfFaDtW59P3rmsxDxVpxAAAAAI"]
[Mon Jul 28 20:46:00.010183 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.back"] [unique_id "aIfFaDtW59P3rmsxDxVpxAAAAAI"]
[Mon Jul 28 20:46:00.032733 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bkp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bkp"] [unique_id "aIfFaDtW59P3rmsxDxVpxQAAAAI"]
[Mon Jul 28 20:46:00.032980 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bkp"] [unique_id "aIfFaDtW59P3rmsxDxVpxQAAAAI"]
[Mon Jul 28 20:46:00.033189 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bkp"] [unique_id "aIfFaDtW59P3rmsxDxVpxQAAAAI"]
[Mon Jul 28 20:46:00.055748 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.credentials"] [unique_id "aIfFaDtW59P3rmsxDxVpxgAAAAI"]
[Mon Jul 28 20:46:00.055992 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.credentials"] [unique_id "aIfFaDtW59P3rmsxDxVpxgAAAAI"]
[Mon Jul 28 20:46:00.056185 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.credentials"] [unique_id "aIfFaDtW59P3rmsxDxVpxgAAAAI"]
[Mon Jul 28 20:46:00.078789 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.email"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.email"] [unique_id "aIfFaDtW59P3rmsxDxVpxwAAAAI"]
[Mon Jul 28 20:46:00.079051 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.email"] [unique_id "aIfFaDtW59P3rmsxDxVpxwAAAAI"]
[Mon Jul 28 20:46:00.079241 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.email"] [unique_id "aIfFaDtW59P3rmsxDxVpxwAAAAI"]
[Mon Jul 28 20:46:00.101836 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.hidden"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hidden"] [unique_id "aIfFaDtW59P3rmsxDxVpyAAAAAI"]
[Mon Jul 28 20:46:00.102082 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hidden"] [unique_id "aIfFaDtW59P3rmsxDxVpyAAAAAI"]
[Mon Jul 28 20:46:00.102270 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hidden"] [unique_id "aIfFaDtW59P3rmsxDxVpyAAAAAI"]
[Mon Jul 28 20:46:00.124755 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.hide"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hide"] [unique_id "aIfFaDtW59P3rmsxDxVpyQAAAAI"]
[Mon Jul 28 20:46:00.125005 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hide"] [unique_id "aIfFaDtW59P3rmsxDxVpyQAAAAI"]
[Mon Jul 28 20:46:00.125203 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.hide"] [unique_id "aIfFaDtW59P3rmsxDxVpyQAAAAI"]
[Mon Jul 28 20:46:00.147510 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aIfFaDtW59P3rmsxDxVpygAAAAI"]
[Mon Jul 28 20:46:00.147777 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aIfFaDtW59P3rmsxDxVpygAAAAI"]
[Mon Jul 28 20:46:00.147968 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aIfFaDtW59P3rmsxDxVpygAAAAI"]
[Mon Jul 28 20:46:00.170209 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.key"] [unique_id "aIfFaDtW59P3rmsxDxVpywAAAAI"]
[Mon Jul 28 20:46:00.170389 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.key"] [unique_id "aIfFaDtW59P3rmsxDxVpywAAAAI"]
[Mon Jul 28 20:46:00.170622 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.key"] [unique_id "aIfFaDtW59P3rmsxDxVpywAAAAI"]
[Mon Jul 28 20:46:00.170803 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.key"] [unique_id "aIfFaDtW59P3rmsxDxVpywAAAAI"]
[Mon Jul 28 20:46:00.193276 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.mail"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.mail"] [unique_id "aIfFaDtW59P3rmsxDxVpzAAAAAI"]
[Mon Jul 28 20:46:00.193546 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.mail"] [unique_id "aIfFaDtW59P3rmsxDxVpzAAAAAI"]
[Mon Jul 28 20:46:00.193741 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.mail"] [unique_id "aIfFaDtW59P3rmsxDxVpzAAAAAI"]
[Mon Jul 28 20:46:00.216205 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aIfFaDtW59P3rmsxDxVpzQAAAAI"]
[Mon Jul 28 20:46:00.216434 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aIfFaDtW59P3rmsxDxVpzQAAAAI"]
[Mon Jul 28 20:46:00.216628 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aIfFaDtW59P3rmsxDxVpzQAAAAI"]
[Mon Jul 28 20:46:00.239001 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aIfFaDtW59P3rmsxDxVpzgAAAAI"]
[Mon Jul 28 20:46:00.239149 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aIfFaDtW59P3rmsxDxVpzgAAAAI"]
[Mon Jul 28 20:46:00.239367 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aIfFaDtW59P3rmsxDxVpzgAAAAI"]
[Mon Jul 28 20:46:00.239559 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aIfFaDtW59P3rmsxDxVpzgAAAAI"]
[Mon Jul 28 20:46:00.262102 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aIfFaDtW59P3rmsxDxVpzwAAAAI"]
[Mon Jul 28 20:46:00.262362 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aIfFaDtW59P3rmsxDxVpzwAAAAI"]
[Mon Jul 28 20:46:00.262558 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.testing"] [unique_id "aIfFaDtW59P3rmsxDxVpzwAAAAI"]
[Mon Jul 28 20:46:00.284813 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.uat"] [unique_id "aIfFaDtW59P3rmsxDxVp0AAAAAI"]
[Mon Jul 28 20:46:00.285045 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.uat"] [unique_id "aIfFaDtW59P3rmsxDxVp0AAAAAI"]
[Mon Jul 28 20:46:00.285255 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.uat"] [unique_id "aIfFaDtW59P3rmsxDxVp0AAAAAI"]
[Mon Jul 28 20:46:00.307690 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_aws"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_aws"] [unique_id "aIfFaDtW59P3rmsxDxVp0QAAAAI"]
[Mon Jul 28 20:46:00.307934 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_aws"] [unique_id "aIfFaDtW59P3rmsxDxVp0QAAAAI"]
[Mon Jul 28 20:46:00.308129 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_aws"] [unique_id "aIfFaDtW59P3rmsxDxVp0QAAAAI"]
[Mon Jul 28 20:46:00.330640 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "aIfFaDtW59P3rmsxDxVp0gAAAAI"]
[Mon Jul 28 20:46:00.330895 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "aIfFaDtW59P3rmsxDxVp0gAAAAI"]
[Mon Jul 28 20:46:00.331344 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_backup"] [unique_id "aIfFaDtW59P3rmsxDxVp0gAAAAI"]
[Mon Jul 28 20:46:00.353807 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_copy"] [unique_id "aIfFaDtW59P3rmsxDxVp0wAAAAI"]
[Mon Jul 28 20:46:00.354041 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_copy"] [unique_id "aIfFaDtW59P3rmsxDxVp0wAAAAI"]
[Mon Jul 28 20:46:00.354226 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_copy"] [unique_id "aIfFaDtW59P3rmsxDxVp0wAAAAI"]
[Mon Jul 28 20:46:00.376563 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_private"] [unique_id "aIfFaDtW59P3rmsxDxVp1AAAAAI"]
[Mon Jul 28 20:46:00.376791 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_private"] [unique_id "aIfFaDtW59P3rmsxDxVp1AAAAAI"]
[Mon Jul 28 20:46:00.376978 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_private"] [unique_id "aIfFaDtW59P3rmsxDxVp1AAAAAI"]
[Mon Jul 28 20:46:00.399783 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "aIfFaDtW59P3rmsxDxVp1QAAAAI"]
[Mon Jul 28 20:46:00.400140 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "aIfFaDtW59P3rmsxDxVp1QAAAAI"]
[Mon Jul 28 20:46:00.400392 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_secret"] [unique_id "aIfFaDtW59P3rmsxDxVp1QAAAAI"]
[Mon Jul 28 20:46:00.423041 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aIfFaDtW59P3rmsxDxVp1gAAAAI"]
[Mon Jul 28 20:46:00.423292 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aIfFaDtW59P3rmsxDxVp1gAAAAI"]
[Mon Jul 28 20:46:00.423509 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aIfFaDtW59P3rmsxDxVp1gAAAAI"]
[Mon Jul 28 20:46:00.446541 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aIfFaDtW59P3rmsxDxVp1wAAAAI"]
[Mon Jul 28 20:46:00.446787 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aIfFaDtW59P3rmsxDxVp1wAAAAI"]
[Mon Jul 28 20:46:00.446978 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aIfFaDtW59P3rmsxDxVp1wAAAAI"]
[Mon Jul 28 20:46:00.469337 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIfFaDtW59P3rmsxDxVp2AAAAAI"]
[Mon Jul 28 20:46:00.469609 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIfFaDtW59P3rmsxDxVp2AAAAAI"]
[Mon Jul 28 20:46:00.469812 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIfFaDtW59P3rmsxDxVp2AAAAAI"]
[Mon Jul 28 20:46:00.492175 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.github/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp2QAAAAI"]
[Mon Jul 28 20:46:00.492448 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.github/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp2QAAAAI"]
[Mon Jul 28 20:46:00.492644 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.github/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp2QAAAAI"]
[Mon Jul 28 20:46:00.538629 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIfFaDtW59P3rmsxDxVp2wAAAAI"]
[Mon Jul 28 20:46:00.538892 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIfFaDtW59P3rmsxDxVp2wAAAAI"]
[Mon Jul 28 20:46:00.539087 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aIfFaDtW59P3rmsxDxVp2wAAAAI"]
[Mon Jul 28 20:46:00.561402 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIfFaDtW59P3rmsxDxVp3AAAAAI"]
[Mon Jul 28 20:46:00.561626 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIfFaDtW59P3rmsxDxVp3AAAAAI"]
[Mon Jul 28 20:46:00.561803 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aIfFaDtW59P3rmsxDxVp3AAAAAI"]
[Mon Jul 28 20:46:00.584191 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.gitlab-ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3QAAAAI"]
[Mon Jul 28 20:46:00.584428 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3QAAAAI"]
[Mon Jul 28 20:46:00.584628 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3QAAAAI"]
[Mon Jul 28 20:46:00.608639 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3gAAAAI"]
[Mon Jul 28 20:46:00.608876 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3gAAAAI"]
[Mon Jul 28 20:46:00.609068 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp3gAAAAI"]
[Mon Jul 28 20:46:00.631480 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.hg/ found within REQUEST_FILENAME: /.hg/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/"] [unique_id "aIfFaDtW59P3rmsxDxVp3wAAAAI"]
[Mon Jul 28 20:46:00.631716 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/"] [unique_id "aIfFaDtW59P3rmsxDxVp3wAAAAI"]
[Mon Jul 28 20:46:00.631944 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/"] [unique_id "aIfFaDtW59P3rmsxDxVp3wAAAAI"]
[Mon Jul 28 20:46:00.654523 2025] [authz_core:error] [pid 1533943] [client 185.177.72.201:35970] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Mon Jul 28 20:46:00.677122 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp4QAAAAI"]
[Mon Jul 28 20:46:00.677360 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp4QAAAAI"]
[Mon Jul 28 20:46:00.677558 2025] [:error] [pid 1533943] [client 185.177.72.201:35970] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/.env"] [unique_id "aIfFaDtW59P3rmsxDxVp4QAAAAI"]
[Mon Jul 28 20:46:01.132504 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aIfFac9E66I2YPyIb96mqgAAAA4"]
[Mon Jul 28 20:46:01.132768 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aIfFac9E66I2YPyIb96mqgAAAA4"]
[Mon Jul 28 20:46:01.132971 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aIfFac9E66I2YPyIb96mqgAAAA4"]
[Mon Jul 28 20:46:01.161914 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa.pub"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa.pub"] [unique_id "aIfFac9E66I2YPyIb96mqwAAAA4"]
[Mon Jul 28 20:46:01.162152 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa.pub"] [unique_id "aIfFac9E66I2YPyIb96mqwAAAA4"]
[Mon Jul 28 20:46:01.162371 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa.pub"] [unique_id "aIfFac9E66I2YPyIb96mqwAAAA4"]
[Mon Jul 28 20:46:01.192198 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aIfFac9E66I2YPyIb96mrAAAAA4"]
[Mon Jul 28 20:46:01.192433 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aIfFac9E66I2YPyIb96mrAAAAA4"]
[Mon Jul 28 20:46:01.192611 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aIfFac9E66I2YPyIb96mrAAAAA4"]
[Mon Jul 28 20:46:01.221705 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIfFac9E66I2YPyIb96mrQAAAA4"]
[Mon Jul 28 20:46:01.221959 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIfFac9E66I2YPyIb96mrQAAAA4"]
[Mon Jul 28 20:46:01.222153 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aIfFac9E66I2YPyIb96mrQAAAA4"]
[Mon Jul 28 20:46:01.373988 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /07-accessing-data/begin/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96msgAAAA4"]
[Mon Jul 28 20:46:01.374231 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96msgAAAA4"]
[Mon Jul 28 20:46:01.374445 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96msgAAAA4"]
[Mon Jul 28 20:46:01.403598 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /07-accessing-data/end/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mswAAAA4"]
[Mon Jul 28 20:46:01.403838 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mswAAAA4"]
[Mon Jul 28 20:46:01.404038 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/07-accessing-data/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mswAAAA4"]
[Mon Jul 28 20:46:01.433048 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /08-routing/begin/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtAAAAA4"]
[Mon Jul 28 20:46:01.433296 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtAAAAA4"]
[Mon Jul 28 20:46:01.433490 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtAAAAA4"]
[Mon Jul 28 20:46:01.462537 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /08-routing/end/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtQAAAA4"]
[Mon Jul 28 20:46:01.462785 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtQAAAA4"]
[Mon Jul 28 20:46:01.462997 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/08-routing/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtQAAAA4"]
[Mon Jul 28 20:46:01.492003 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /09-managing-state/begin/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtgAAAA4"]
[Mon Jul 28 20:46:01.492255 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtgAAAA4"]
[Mon Jul 28 20:46:01.492449 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/begin/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtgAAAA4"]
[Mon Jul 28 20:46:01.522949 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /09-managing-state/end/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtwAAAA4"]
[Mon Jul 28 20:46:01.523190 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtwAAAA4"]
[Mon Jul 28 20:46:01.523396 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/09-managing-state/end/vue-heroes/.env"] [unique_id "aIfFac9E66I2YPyIb96mtwAAAA4"]
[Mon Jul 28 20:46:01.582200 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /3-sequelize/final/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/3-sequelize/final/.env"] [unique_id "aIfFac9E66I2YPyIb96muQAAAA4"]
[Mon Jul 28 20:46:01.582453 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/3-sequelize/final/.env"] [unique_id "aIfFac9E66I2YPyIb96muQAAAA4"]
[Mon Jul 28 20:46:01.582662 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/3-sequelize/final/.env"] [unique_id "aIfFac9E66I2YPyIb96muQAAAA4"]
[Mon Jul 28 20:46:01.619579 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /31_structure_tests/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/31_structure_tests/.env"] [unique_id "aIfFac9E66I2YPyIb96mugAAAA4"]
[Mon Jul 28 20:46:01.619799 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/31_structure_tests/.env"] [unique_id "aIfFac9E66I2YPyIb96mugAAAA4"]
[Mon Jul 28 20:46:01.619992 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/31_structure_tests/.env"] [unique_id "aIfFac9E66I2YPyIb96mugAAAA4"]
[Mon Jul 28 20:46:01.889869 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /__tests__/test-become/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/__tests__/test-become/.env"] [unique_id "aIfFac9E66I2YPyIb96mwwAAAA4"]
[Mon Jul 28 20:46:01.890116 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/__tests__/test-become/.env"] [unique_id "aIfFac9E66I2YPyIb96mwwAAAA4"]
[Mon Jul 28 20:46:01.890321 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/__tests__/test-become/.env"] [unique_id "aIfFac9E66I2YPyIb96mwwAAAA4"]
[Mon Jul 28 20:46:02.337927 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /_static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aIfFas9E66I2YPyIb96m0gAAAA4"]
[Mon Jul 28 20:46:02.338135 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aIfFas9E66I2YPyIb96m0gAAAA4"]
[Mon Jul 28 20:46:02.338299 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_static/.env"] [unique_id "aIfFas9E66I2YPyIb96m0gAAAA4"]
[Mon Jul 28 20:46:02.399499 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /acme-challenge/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/acme-challenge/.env"] [unique_id "aIfFas9E66I2YPyIb96m1AAAAA4"]
[Mon Jul 28 20:46:02.399718 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/acme-challenge/.env"] [unique_id "aIfFas9E66I2YPyIb96m1AAAAA4"]
[Mon Jul 28 20:46:02.399885 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/acme-challenge/.env"] [unique_id "aIfFas9E66I2YPyIb96m1AAAAA4"]
[Mon Jul 28 20:46:02.428733 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /acme/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/acme/.env"] [unique_id "aIfFas9E66I2YPyIb96m1QAAAA4"]
[Mon Jul 28 20:46:02.428953 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/acme/.env"] [unique_id "aIfFas9E66I2YPyIb96m1QAAAA4"]
[Mon Jul 28 20:46:02.429127 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/acme/.env"] [unique_id "aIfFas9E66I2YPyIb96m1QAAAA4"]
[Mon Jul 28 20:46:02.458076 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /acme_challenges/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/acme_challenges/.env"] [unique_id "aIfFas9E66I2YPyIb96m1gAAAA4"]
[Mon Jul 28 20:46:02.458299 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/acme_challenges/.env"] [unique_id "aIfFas9E66I2YPyIb96m1gAAAA4"]
[Mon Jul 28 20:46:02.458492 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/acme_challenges/.env"] [unique_id "aIfFas9E66I2YPyIb96m1gAAAA4"]
[Mon Jul 28 20:46:02.487595 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions-server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/actions-server/.env"] [unique_id "aIfFas9E66I2YPyIb96m1wAAAA4"]
[Mon Jul 28 20:46:02.487817 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/actions-server/.env"] [unique_id "aIfFas9E66I2YPyIb96m1wAAAA4"]
[Mon Jul 28 20:46:02.488002 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/actions-server/.env"] [unique_id "aIfFas9E66I2YPyIb96m1wAAAA4"]
[Mon Jul 28 20:46:02.576674 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aIfFas9E66I2YPyIb96m2gAAAA4"]
[Mon Jul 28 20:46:02.576894 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aIfFas9E66I2YPyIb96m2gAAAA4"]
[Mon Jul 28 20:46:02.577083 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-app/.env"] [unique_id "aIfFas9E66I2YPyIb96m2gAAAA4"]
[Mon Jul 28 20:46:02.605929 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-panel/.env"] [unique_id "aIfFas9E66I2YPyIb96m2wAAAA4"]
[Mon Jul 28 20:46:02.606154 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-panel/.env"] [unique_id "aIfFas9E66I2YPyIb96m2wAAAA4"]
[Mon Jul 28 20:46:02.606354 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin-panel/.env"] [unique_id "aIfFas9E66I2YPyIb96m2wAAAA4"]
[Mon Jul 28 20:46:02.724793 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /adminapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/adminapp/.env"] [unique_id "aIfFas9E66I2YPyIb96m3wAAAA4"]
[Mon Jul 28 20:46:02.725045 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/adminapp/.env"] [unique_id "aIfFas9E66I2YPyIb96m3wAAAA4"]
[Mon Jul 28 20:46:02.725240 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/adminapp/.env"] [unique_id "aIfFas9E66I2YPyIb96m3wAAAA4"]
[Mon Jul 28 20:46:02.783927 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /adminer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/adminer/.env"] [unique_id "aIfFas9E66I2YPyIb96m4QAAAA4"]
[Mon Jul 28 20:46:02.784163 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/adminer/.env"] [unique_id "aIfFas9E66I2YPyIb96m4QAAAA4"]
[Mon Jul 28 20:46:02.784339 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/adminer/.env"] [unique_id "aIfFas9E66I2YPyIb96m4QAAAA4"]
[Mon Jul 28 20:46:02.874759 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /agora/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aIfFas9E66I2YPyIb96m5AAAAA4"]
[Mon Jul 28 20:46:02.874996 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aIfFas9E66I2YPyIb96m5AAAAA4"]
[Mon Jul 28 20:46:02.875166 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/agora/.env"] [unique_id "aIfFas9E66I2YPyIb96m5AAAAA4"]
[Mon Jul 28 20:46:02.904389 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /alpha/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.env"] [unique_id "aIfFas9E66I2YPyIb96m5QAAAA4"]
[Mon Jul 28 20:46:02.904629 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.env"] [unique_id "aIfFas9E66I2YPyIb96m5QAAAA4"]
[Mon Jul 28 20:46:02.904805 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/alpha/.env"] [unique_id "aIfFas9E66I2YPyIb96m5QAAAA4"]
[Mon Jul 28 20:46:02.936874 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /anaconda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/anaconda/.env"] [unique_id "aIfFas9E66I2YPyIb96m5gAAAA4"]
[Mon Jul 28 20:46:02.937117 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/anaconda/.env"] [unique_id "aIfFas9E66I2YPyIb96m5gAAAA4"]
[Mon Jul 28 20:46:02.937296 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/anaconda/.env"] [unique_id "aIfFas9E66I2YPyIb96m5gAAAA4"]
[Mon Jul 28 20:46:03.148018 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-server/.env"] [unique_id "aIfFa89E66I2YPyIb96m7QAAAA4"]
[Mon Jul 28 20:46:03.148252 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-server/.env"] [unique_id "aIfFa89E66I2YPyIb96m7QAAAA4"]
[Mon Jul 28 20:46:03.148429 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-server/.env"] [unique_id "aIfFa89E66I2YPyIb96m7QAAAA4"]
[Mon Jul 28 20:46:03.177600 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.back"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.back"] [unique_id "aIfFa89E66I2YPyIb96m7gAAAA4"]
[Mon Jul 28 20:46:03.177849 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.back"] [unique_id "aIfFa89E66I2YPyIb96m7gAAAA4"]
[Mon Jul 28 20:46:03.178030 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.back"] [unique_id "aIfFa89E66I2YPyIb96m7gAAAA4"]
[Mon Jul 28 20:46:03.206915 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.example"] [unique_id "aIfFa89E66I2YPyIb96m7wAAAA4"]
[Mon Jul 28 20:46:03.207143 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.example"] [unique_id "aIfFa89E66I2YPyIb96m7wAAAA4"]
[Mon Jul 28 20:46:03.207316 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.example"] [unique_id "aIfFa89E66I2YPyIb96m7wAAAA4"]
[Mon Jul 28 20:46:03.236387 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96m8AAAAA4"]
[Mon Jul 28 20:46:03.236596 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96m8AAAAA4"]
[Mon Jul 28 20:46:03.236754 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96m8AAAAA4"]
[Mon Jul 28 20:46:03.265678 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aIfFa89E66I2YPyIb96m8QAAAA4"]
[Mon Jul 28 20:46:03.265884 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aIfFa89E66I2YPyIb96m8QAAAA4"]
[Mon Jul 28 20:46:03.266040 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aIfFa89E66I2YPyIb96m8QAAAA4"]
[Mon Jul 28 20:46:03.504566 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aIfFa89E66I2YPyIb96m-QAAAA4"]
[Mon Jul 28 20:46:03.504776 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aIfFa89E66I2YPyIb96m-QAAAA4"]
[Mon Jul 28 20:46:03.504971 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aIfFa89E66I2YPyIb96m-QAAAA4"]
[Mon Jul 28 20:46:03.533856 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aIfFa89E66I2YPyIb96m-gAAAA4"]
[Mon Jul 28 20:46:03.534069 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aIfFa89E66I2YPyIb96m-gAAAA4"]
[Mon Jul 28 20:46:03.534248 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/.env"] [unique_id "aIfFa89E66I2YPyIb96m-gAAAA4"]
[Mon Jul 28 20:46:03.592708 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "aIfFa89E66I2YPyIb96m_AAAAA4"]
[Mon Jul 28 20:46:03.592908 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "aIfFa89E66I2YPyIb96m_AAAAA4"]
[Mon Jul 28 20:46:03.593079 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v2/.env"] [unique_id "aIfFa89E66I2YPyIb96m_AAAAA4"]
[Mon Jul 28 20:46:03.621849 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aIfFa89E66I2YPyIb96m_QAAAA4"]
[Mon Jul 28 20:46:03.622054 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aIfFa89E66I2YPyIb96m_QAAAA4"]
[Mon Jul 28 20:46:03.622236 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apis/.env"] [unique_id "aIfFa89E66I2YPyIb96m_QAAAA4"]
[Mon Jul 28 20:46:03.680783 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app-order-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app-order-client/.env"] [unique_id "aIfFa89E66I2YPyIb96m_wAAAA4"]
[Mon Jul 28 20:46:03.680998 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app-order-client/.env"] [unique_id "aIfFa89E66I2YPyIb96m_wAAAA4"]
[Mon Jul 28 20:46:03.681177 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app-order-client/.env"] [unique_id "aIfFa89E66I2YPyIb96m_wAAAA4"]
[Mon Jul 28 20:46:03.739725 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.example"] [unique_id "aIfFa89E66I2YPyIb96nAQAAAA4"]
[Mon Jul 28 20:46:03.739939 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.example"] [unique_id "aIfFa89E66I2YPyIb96nAQAAAA4"]
[Mon Jul 28 20:46:03.740095 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.example"] [unique_id "aIfFa89E66I2YPyIb96nAQAAAA4"]
[Mon Jul 28 20:46:03.768974 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96nAgAAAA4"]
[Mon Jul 28 20:46:03.769265 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96nAgAAAA4"]
[Mon Jul 28 20:46:03.769501 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.sample"] [unique_id "aIfFa89E66I2YPyIb96nAgAAAA4"]
[Mon Jul 28 20:46:03.798394 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aIfFa89E66I2YPyIb96nAwAAAA4"]
[Mon Jul 28 20:46:03.798606 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aIfFa89E66I2YPyIb96nAwAAAA4"]
[Mon Jul 28 20:46:03.798773 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aIfFa89E66I2YPyIb96nAwAAAA4"]
[Mon Jul 28 20:46:03.827703 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.back"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.back"] [unique_id "aIfFa89E66I2YPyIb96nBAAAAA4"]
[Mon Jul 28 20:46:03.827917 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.back"] [unique_id "aIfFa89E66I2YPyIb96nBAAAAA4"]
[Mon Jul 28 20:46:03.828116 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.back"] [unique_id "aIfFa89E66I2YPyIb96nBAAAAA4"]
[Mon Jul 28 20:46:03.856993 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/client/.env"] [unique_id "aIfFa89E66I2YPyIb96nBQAAAA4"]
[Mon Jul 28 20:46:03.857215 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/client/.env"] [unique_id "aIfFa89E66I2YPyIb96nBQAAAA4"]
[Mon Jul 28 20:46:03.857378 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/client/.env"] [unique_id "aIfFa89E66I2YPyIb96nBQAAAA4"]
[Mon Jul 28 20:46:03.886498 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/code/community/nosto/tagging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/code/community/Nosto/Tagging/.env"] [unique_id "aIfFa89E66I2YPyIb96nBgAAAA4"]
[Mon Jul 28 20:46:03.886711 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/code/community/Nosto/Tagging/.env"] [unique_id "aIfFa89E66I2YPyIb96nBgAAAA4"]
[Mon Jul 28 20:46:03.886884 2025] [:error] [pid 1519683] [client 185.177.72.201:42742] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/code/community/Nosto/Tagging/.env"] [unique_id "aIfFa89E66I2YPyIb96nBgAAAA4"]
[Mon Jul 28 20:46:04.043285 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/config/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/dev/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9gAAAAM"]
[Mon Jul 28 20:46:04.043569 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/dev/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9gAAAAM"]
[Mon Jul 28 20:46:04.043743 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/dev/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9gAAAAM"]
[Mon Jul 28 20:46:04.065813 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/frontend/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9wAAAAM"]
[Mon Jul 28 20:46:04.066043 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/frontend/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9wAAAAM"]
[Mon Jul 28 20:46:04.066209 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/frontend/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b9wAAAAM"]
[Mon Jul 28 20:46:04.134511 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app1-static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app1-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-gAAAAM"]
[Mon Jul 28 20:46:04.134742 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app1-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-gAAAAM"]
[Mon Jul 28 20:46:04.134906 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app1-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-gAAAAM"]
[Mon Jul 28 20:46:04.156815 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app2-static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app2-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-wAAAAM"]
[Mon Jul 28 20:46:04.157025 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app2-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-wAAAAM"]
[Mon Jul 28 20:46:04.157191 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app2-static/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b-wAAAAM"]
[Mon Jul 28 20:46:04.179158 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app_dir/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dir/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_AAAAAM"]
[Mon Jul 28 20:46:04.179356 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dir/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_AAAAAM"]
[Mon Jul 28 20:46:04.179529 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dir/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_AAAAAM"]
[Mon Jul 28 20:46:04.201587 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app_nginx_static_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app_nginx_static_path/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_QAAAAM"]
[Mon Jul 28 20:46:04.201816 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app_nginx_static_path/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_QAAAAM"]
[Mon Jul 28 20:46:04.201981 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app_nginx_static_path/.env"] [unique_id "aIfFbBd6_yVRS98tgw1b_QAAAAM"]
[Mon Jul 28 20:46:04.224551 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.sample"] [unique_id "aIfFbBd6_yVRS98tgw1b_gAAAAM"]
[Mon Jul 28 20:46:04.224745 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.sample"] [unique_id "aIfFbBd6_yVRS98tgw1b_gAAAAM"]
[Mon Jul 28 20:46:04.224940 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.sample"] [unique_id "aIfFbBd6_yVRS98tgw1b_gAAAAM"]
[Mon Jul 28 20:46:04.246733 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aIfFbBd6_yVRS98tgw1b_wAAAAM"]
[Mon Jul 28 20:46:04.246925 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aIfFbBd6_yVRS98tgw1b_wAAAAM"]
[Mon Jul 28 20:46:04.247095 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aIfFbBd6_yVRS98tgw1b_wAAAAM"]
[Mon Jul 28 20:46:04.268893 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAAAAAAM"]
[Mon Jul 28 20:46:04.269070 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAAAAAAM"]
[Mon Jul 28 20:46:04.269219 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAAAAAAM"]
[Mon Jul 28 20:46:04.291217 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/client/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAQAAAAM"]
[Mon Jul 28 20:46:04.291405 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/client/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAQAAAAM"]
[Mon Jul 28 20:46:04.291570 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/client/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAQAAAAM"]
[Mon Jul 28 20:46:04.313458 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /archipel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Archipel/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAgAAAAM"]
[Mon Jul 28 20:46:04.313643 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Archipel/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAgAAAAM"]
[Mon Jul 28 20:46:04.313805 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Archipel/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cAgAAAAM"]
[Mon Jul 28 20:46:04.358189 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /asset_img/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/asset_img/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBAAAAAM"]
[Mon Jul 28 20:46:04.358382 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/asset_img/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBAAAAAM"]
[Mon Jul 28 20:46:04.358533 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/asset_img/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBAAAAAM"]
[Mon Jul 28 20:46:04.380636 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBQAAAAM"]
[Mon Jul 28 20:46:04.380824 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBQAAAAM"]
[Mon Jul 28 20:46:04.380986 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cBQAAAAM"]
[Mon Jul 28 20:46:04.540240 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assignment3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment3/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDAAAAAM"]
[Mon Jul 28 20:46:04.540432 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment3/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDAAAAAM"]
[Mon Jul 28 20:46:04.540586 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment3/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDAAAAAM"]
[Mon Jul 28 20:46:04.562512 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assignment4/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment4/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDQAAAAM"]
[Mon Jul 28 20:46:04.562697 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment4/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDQAAAAM"]
[Mon Jul 28 20:46:04.562889 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Assignment4/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDQAAAAM"]
[Mon Jul 28 20:46:04.597741 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /audio/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/audio/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDgAAAAM"]
[Mon Jul 28 20:46:04.597943 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/audio/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDgAAAAM"]
[Mon Jul 28 20:46:04.598105 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/audio/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cDgAAAAM"]
[Mon Jul 28 20:46:04.665531 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEQAAAAM"]
[Mon Jul 28 20:46:04.665722 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEQAAAAM"]
[Mon Jul 28 20:46:04.665880 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEQAAAAM"]
[Mon Jul 28 20:46:04.687851 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/azure/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEgAAAAM"]
[Mon Jul 28 20:46:04.688046 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/azure/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEgAAAAM"]
[Mon Jul 28 20:46:04.688198 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/azure/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEgAAAAM"]
[Mon Jul 28 20:46:04.710155 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/as-alias/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/as-alias/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEwAAAAM"]
[Mon Jul 28 20:46:04.710429 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/as-alias/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEwAAAAM"]
[Mon Jul 28 20:46:04.710634 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/as-alias/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cEwAAAAM"]
[Mon Jul 28 20:46:04.732496 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/default/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFAAAAAM"]
[Mon Jul 28 20:46:04.732694 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFAAAAAM"]
[Mon Jul 28 20:46:04.732844 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/default/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFAAAAAM"]
[Mon Jul 28 20:46:04.754772 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/dev-env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/dev-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFQAAAAM"]
[Mon Jul 28 20:46:04.754972 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/dev-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFQAAAAM"]
[Mon Jul 28 20:46:04.755169 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/dev-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFQAAAAM"]
[Mon Jul 28 20:46:04.777109 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/empty-values/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/empty-values/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFgAAAAM"]
[Mon Jul 28 20:46:04.777315 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/empty-values/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFgAAAAM"]
[Mon Jul 28 20:46:04.777470 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/empty-values/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFgAAAAM"]
[Mon Jul 28 20:46:04.799304 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/filename/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/filename/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFwAAAAM"]
[Mon Jul 28 20:46:04.799494 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/filename/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFwAAAAM"]
[Mon Jul 28 20:46:04.799644 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/filename/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cFwAAAAM"]
[Mon Jul 28 20:46:04.821509 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/override-value/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/override-value/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGAAAAAM"]
[Mon Jul 28 20:46:04.821715 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/override-value/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGAAAAAM"]
[Mon Jul 28 20:46:04.821881 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/override-value/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGAAAAAM"]
[Mon Jul 28 20:46:04.844103 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /babel-plugin-dotenv/test/fixtures/prod-env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/prod-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGQAAAAM"]
[Mon Jul 28 20:46:04.844298 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/prod-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGQAAAAM"]
[Mon Jul 28 20:46:04.844462 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/babel-plugin-dotenv/test/fixtures/prod-env/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGQAAAAM"]
[Mon Jul 28 20:46:04.866424 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-end/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/back-end/app/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGgAAAAM"]
[Mon Jul 28 20:46:04.866609 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/back-end/app/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGgAAAAM"]
[Mon Jul 28 20:46:04.866763 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/back-end/app/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGgAAAAM"]
[Mon Jul 28 20:46:04.888621 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGwAAAAM"]
[Mon Jul 28 20:46:04.888806 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGwAAAAM"]
[Mon Jul 28 20:46:04.888971 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/back/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cGwAAAAM"]
[Mon Jul 28 20:46:04.910641 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aIfFbBd6_yVRS98tgw1cHAAAAAM"]
[Mon Jul 28 20:46:04.910826 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aIfFbBd6_yVRS98tgw1cHAAAAAM"]
[Mon Jul 28 20:46:04.910989 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aIfFbBd6_yVRS98tgw1cHAAAAAM"]
[Mon Jul 28 20:46:04.932807 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/config/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cHQAAAAM"]
[Mon Jul 28 20:46:04.933021 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/config/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cHQAAAAM"]
[Mon Jul 28 20:46:04.933209 2025] [:error] [pid 1522294] [client 185.177.72.201:42752] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/config/.env"] [unique_id "aIfFbBd6_yVRS98tgw1cHQAAAAM"]
[Mon Jul 28 20:46:05.150955 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backendfinaltest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backendfinaltest/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgAAAAAU"]
[Mon Jul 28 20:46:05.151286 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backendfinaltest/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgAAAAAU"]
[Mon Jul 28 20:46:05.151517 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backendfinaltest/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgAAAAAU"]
[Mon Jul 28 20:46:05.219101 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /base_dir/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/base_dir/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgwAAAAU"]
[Mon Jul 28 20:46:05.219298 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/base_dir/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgwAAAAU"]
[Mon Jul 28 20:46:05.219448 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/base_dir/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXgwAAAAU"]
[Mon Jul 28 20:46:05.241380 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /basic-network/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/basic-network/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhAAAAAU"]
[Mon Jul 28 20:46:05.241593 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/basic-network/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhAAAAAU"]
[Mon Jul 28 20:46:05.241746 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/basic-network/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhAAAAAU"]
[Mon Jul 28 20:46:05.263611 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bgoldd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bgoldd/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhQAAAAU"]
[Mon Jul 28 20:46:05.263803 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bgoldd/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhQAAAAU"]
[Mon Jul 28 20:46:05.263957 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bgoldd/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhQAAAAU"]
[Mon Jul 28 20:46:05.285910 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bitcoind/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bitcoind/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhgAAAAU"]
[Mon Jul 28 20:46:05.286148 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bitcoind/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhgAAAAU"]
[Mon Jul 28 20:46:05.286293 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bitcoind/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhgAAAAU"]
[Mon Jul 28 20:46:05.308128 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blankon/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blankon/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhwAAAAU"]
[Mon Jul 28 20:46:05.308307 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blankon/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhwAAAAU"]
[Mon Jul 28 20:46:05.308471 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blankon/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXhwAAAAU"]
[Mon Jul 28 20:46:05.330177 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blob/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blob/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiAAAAAU"]
[Mon Jul 28 20:46:05.330376 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blob/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiAAAAAU"]
[Mon Jul 28 20:46:05.330526 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blob/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiAAAAAU"]
[Mon Jul 28 20:46:05.352347 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiQAAAAU"]
[Mon Jul 28 20:46:05.352519 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiQAAAAU"]
[Mon Jul 28 20:46:05.352679 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiQAAAAU"]
[Mon Jul 28 20:46:05.374862 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blogs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blogs/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXigAAAAU"]
[Mon Jul 28 20:46:05.375054 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blogs/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXigAAAAU"]
[Mon Jul 28 20:46:05.375254 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blogs/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXigAAAAU"]
[Mon Jul 28 20:46:05.396995 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /blue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blue/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiwAAAAU"]
[Mon Jul 28 20:46:05.397192 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blue/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiwAAAAU"]
[Mon Jul 28 20:46:05.397332 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blue/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXiwAAAAU"]
[Mon Jul 28 20:46:05.419189 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bookchain-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bookchain-client/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjAAAAAU"]
[Mon Jul 28 20:46:05.419368 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bookchain-client/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjAAAAAU"]
[Mon Jul 28 20:46:05.419537 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bookchain-client/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjAAAAAU"]
[Mon Jul 28 20:46:05.464827 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjgAAAAU"]
[Mon Jul 28 20:46:05.465061 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjgAAAAU"]
[Mon Jul 28 20:46:05.465227 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bootstrap/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjgAAAAU"]
[Mon Jul 28 20:46:05.487045 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /boxes/oracle-vagrant-boxes/containerregistry/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/ContainerRegistry/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjwAAAAU"]
[Mon Jul 28 20:46:05.487248 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/ContainerRegistry/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjwAAAAU"]
[Mon Jul 28 20:46:05.487411 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/ContainerRegistry/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXjwAAAAU"]
[Mon Jul 28 20:46:05.509228 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /boxes/oracle-vagrant-boxes/kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/Kubernetes/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkAAAAAU"]
[Mon Jul 28 20:46:05.509427 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/Kubernetes/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkAAAAAU"]
[Mon Jul 28 20:46:05.509576 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/Kubernetes/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkAAAAAU"]
[Mon Jul 28 20:46:05.531312 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /boxes/oracle-vagrant-boxes/olcne/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/OLCNE/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkQAAAAU"]
[Mon Jul 28 20:46:05.531507 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/OLCNE/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkQAAAAU"]
[Mon Jul 28 20:46:05.531659 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/boxes/oracle-vagrant-boxes/OLCNE/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkQAAAAU"]
[Mon Jul 28 20:46:05.553493 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bucoffea/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/bucoffea/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkgAAAAU"]
[Mon Jul 28 20:46:05.553686 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bucoffea/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkgAAAAU"]
[Mon Jul 28 20:46:05.553847 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bucoffea/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXkgAAAAU"]
[Mon Jul 28 20:46:05.620850 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXlQAAAAU"]
[Mon Jul 28 20:46:05.621027 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXlQAAAAU"]
[Mon Jul 28 20:46:05.621172 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXlQAAAAU"]
[Mon Jul 28 20:46:05.794083 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cardea/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cardea/backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnAAAAAU"]
[Mon Jul 28 20:46:05.794293 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cardea/backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnAAAAAU"]
[Mon Jul 28 20:46:05.794494 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cardea/backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnAAAAAU"]
[Mon Jul 28 20:46:05.816334 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cdw-backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cdw-backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnQAAAAU"]
[Mon Jul 28 20:46:05.816531 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cdw-backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnQAAAAU"]
[Mon Jul 28 20:46:05.816682 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cdw-backend/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXnQAAAAU"]
[Mon Jul 28 20:46:05.838582 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cgi-bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cgi-bin/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXngAAAAU"]
[Mon Jul 28 20:46:05.838780 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cgi-bin/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXngAAAAU"]
[Mon Jul 28 20:46:05.838935 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cgi-bin/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXngAAAAU"]
[Mon Jul 28 20:46:05.883407 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch2-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch2-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoAAAAAU"]
[Mon Jul 28 20:46:05.883613 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch2-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoAAAAAU"]
[Mon Jul 28 20:46:05.883781 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch2-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoAAAAAU"]
[Mon Jul 28 20:46:05.905866 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch6-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoQAAAAU"]
[Mon Jul 28 20:46:05.906100 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoQAAAAU"]
[Mon Jul 28 20:46:05.906279 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXoQAAAAU"]
[Mon Jul 28 20:46:05.928403 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch6a-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXogAAAAU"]
[Mon Jul 28 20:46:05.928612 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXogAAAAU"]
[Mon Jul 28 20:46:05.928767 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch6a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXogAAAAU"]
[Mon Jul 28 20:46:05.950722 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch7-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXowAAAAU"]
[Mon Jul 28 20:46:05.950947 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXowAAAAU"]
[Mon Jul 28 20:46:05.951111 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXowAAAAU"]
[Mon Jul 28 20:46:05.973237 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch7a-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpAAAAAU"]
[Mon Jul 28 20:46:05.973463 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpAAAAAU"]
[Mon Jul 28 20:46:05.973617 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch7a-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpAAAAAU"]
[Mon Jul 28 20:46:05.995445 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch8-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpQAAAAU"]
[Mon Jul 28 20:46:05.995662 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpQAAAAU"]
[Mon Jul 28 20:46:05.995827 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8-mytodo/.env"] [unique_id "aIfFbQ9nLjdPblA-25FXpQAAAAU"]
[Mon Jul 28 20:46:06.017828 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch8a-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8a-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpgAAAAU"]
[Mon Jul 28 20:46:06.018033 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8a-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpgAAAAU"]
[Mon Jul 28 20:46:06.018194 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8a-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpgAAAAU"]
[Mon Jul 28 20:46:06.040433 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ch8b-mytodo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8b-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpwAAAAU"]
[Mon Jul 28 20:46:06.040774 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8b-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpwAAAAU"]
[Mon Jul 28 20:46:06.041035 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ch8b-mytodo/.env"] [unique_id "aIfFbg9nLjdPblA-25FXpwAAAAU"]
[Mon Jul 28 20:46:06.062918 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /chai/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Chai/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqAAAAAU"]
[Mon Jul 28 20:46:06.063130 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Chai/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqAAAAAU"]
[Mon Jul 28 20:46:06.063316 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Chai/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqAAAAAU"]
[Mon Jul 28 20:46:06.085248 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /challenge/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/challenge/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqQAAAAU"]
[Mon Jul 28 20:46:06.085467 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/challenge/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqQAAAAU"]
[Mon Jul 28 20:46:06.085623 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/challenge/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqQAAAAU"]
[Mon Jul 28 20:46:06.107566 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /challenges/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/challenges/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqgAAAAU"]
[Mon Jul 28 20:46:06.107776 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/challenges/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqgAAAAU"]
[Mon Jul 28 20:46:06.107934 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/challenges/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqgAAAAU"]
[Mon Jul 28 20:46:06.129901 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /charts/liveobjects/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/charts/liveObjects/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqwAAAAU"]
[Mon Jul 28 20:46:06.130118 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/charts/liveObjects/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqwAAAAU"]
[Mon Jul 28 20:46:06.130293 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/charts/liveObjects/.env"] [unique_id "aIfFbg9nLjdPblA-25FXqwAAAAU"]
[Mon Jul 28 20:46:06.152556 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /chat-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/chat-client/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrAAAAAU"]
[Mon Jul 28 20:46:06.152833 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/chat-client/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrAAAAAU"]
[Mon Jul 28 20:46:06.153048 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/chat-client/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrAAAAAU"]
[Mon Jul 28 20:46:06.175035 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /chiminey/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/chiminey/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrQAAAAU"]
[Mon Jul 28 20:46:06.175261 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/chiminey/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrQAAAAU"]
[Mon Jul 28 20:46:06.175436 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/chiminey/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrQAAAAU"]
[Mon Jul 28 20:46:06.241608 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ci/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrwAAAAU"]
[Mon Jul 28 20:46:06.241835 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ci/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrwAAAAU"]
[Mon Jul 28 20:46:06.241994 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ci/.env"] [unique_id "aIfFbg9nLjdPblA-25FXrwAAAAU"]
[Mon Jul 28 20:46:06.263968 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsAAAAAU"]
[Mon Jul 28 20:46:06.265896 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsAAAAAU"]
[Mon Jul 28 20:46:06.266071 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsAAAAAU"]
[Mon Jul 28 20:46:06.287830 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/mutual-fund-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client/mutual-fund-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsQAAAAU"]
[Mon Jul 28 20:46:06.288038 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client/mutual-fund-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsQAAAAU"]
[Mon Jul 28 20:46:06.288193 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client/mutual-fund-app/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsQAAAAU"]
[Mon Jul 28 20:46:06.310164 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client/src/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsgAAAAU"]
[Mon Jul 28 20:46:06.310393 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client/src/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsgAAAAU"]
[Mon Jul 28 20:46:06.310557 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client/src/.env"] [unique_id "aIfFbg9nLjdPblA-25FXsgAAAAU"]
[Mon Jul 28 20:46:06.332364 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /clientapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXswAAAAU"]
[Mon Jul 28 20:46:06.332558 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXswAAAAU"]
[Mon Jul 28 20:46:06.332723 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXswAAAAU"]
[Mon Jul 28 20:46:06.354498 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /clld_dir/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/clld_dir/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtAAAAAU"]
[Mon Jul 28 20:46:06.354696 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/clld_dir/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtAAAAAU"]
[Mon Jul 28 20:46:06.354850 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/clld_dir/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtAAAAAU"]
[Mon Jul 28 20:46:06.376591 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cloud/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtQAAAAU"]
[Mon Jul 28 20:46:06.376828 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cloud/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtQAAAAU"]
[Mon Jul 28 20:46:06.376980 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cloud/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtQAAAAU"]
[Mon Jul 28 20:46:06.398811 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cmd/testdata/expected/dot_env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cmd/testdata/expected/dot_env/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtgAAAAU"]
[Mon Jul 28 20:46:06.399002 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cmd/testdata/expected/dot_env/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtgAAAAU"]
[Mon Jul 28 20:46:06.399248 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cmd/testdata/expected/dot_env/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtgAAAAU"]
[Mon Jul 28 20:46:06.421040 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /code/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/code/api/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtwAAAAU"]
[Mon Jul 28 20:46:06.421229 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/code/api/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtwAAAAU"]
[Mon Jul 28 20:46:06.421373 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/code/api/.env"] [unique_id "aIfFbg9nLjdPblA-25FXtwAAAAU"]
[Mon Jul 28 20:46:06.443067 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /code/web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/code/web/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuAAAAAU"]
[Mon Jul 28 20:46:06.443252 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/code/web/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuAAAAAU"]
[Mon Jul 28 20:46:06.443425 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/code/web/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuAAAAAU"]
[Mon Jul 28 20:46:06.465225 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codegolf.web/clientapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/CodeGolf.Web/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuQAAAAU"]
[Mon Jul 28 20:46:06.465415 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/CodeGolf.Web/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuQAAAAU"]
[Mon Jul 28 20:46:06.465560 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/CodeGolf.Web/ClientApp/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuQAAAAU"]
[Mon Jul 28 20:46:06.487417 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codenames-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/codenames-frontend/.env"] [unique_id "aIfFbg9nLjdPblA-25FXugAAAAU"]
[Mon Jul 28 20:46:06.487596 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/codenames-frontend/.env"] [unique_id "aIfFbg9nLjdPblA-25FXugAAAAU"]
[Mon Jul 28 20:46:06.487739 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/codenames-frontend/.env"] [unique_id "aIfFbg9nLjdPblA-25FXugAAAAU"]
[Mon Jul 28 20:46:06.510168 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /collab-connect-web-application/server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/collab-connect-web-application/server/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuwAAAAU"]
[Mon Jul 28 20:46:06.510387 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/collab-connect-web-application/server/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuwAAAAU"]
[Mon Jul 28 20:46:06.510542 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/collab-connect-web-application/server/.env"] [unique_id "aIfFbg9nLjdPblA-25FXuwAAAAU"]
[Mon Jul 28 20:46:06.532305 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /collected_static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/collected_static/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvAAAAAU"]
[Mon Jul 28 20:46:06.532514 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/collected_static/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvAAAAAU"]
[Mon Jul 28 20:46:06.532669 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/collected_static/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvAAAAAU"]
[Mon Jul 28 20:46:06.554385 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /community/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/community/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvQAAAAU"]
[Mon Jul 28 20:46:06.554599 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/community/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvQAAAAU"]
[Mon Jul 28 20:46:06.554755 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/community/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvQAAAAU"]
[Mon Jul 28 20:46:06.576603 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/compose/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvgAAAAU"]
[Mon Jul 28 20:46:06.576898 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/compose/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvgAAAAU"]
[Mon Jul 28 20:46:06.577053 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/compose/.env"] [unique_id "aIfFbg9nLjdPblA-25FXvgAAAAU"]
[Mon Jul 28 20:46:06.644530 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.dev"] [unique_id "aIfFbg9nLjdPblA-25FXwQAAAAU"]
[Mon Jul 28 20:46:06.644747 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.dev"] [unique_id "aIfFbg9nLjdPblA-25FXwQAAAAU"]
[Mon Jul 28 20:46:06.644931 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.dev"] [unique_id "aIfFbg9nLjdPblA-25FXwQAAAAU"]
[Mon Jul 28 20:46:06.666797 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aIfFbg9nLjdPblA-25FXwgAAAAU"]
[Mon Jul 28 20:46:06.667029 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aIfFbg9nLjdPblA-25FXwgAAAAU"]
[Mon Jul 28 20:46:06.667179 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.local"] [unique_id "aIfFbg9nLjdPblA-25FXwgAAAAU"]
[Mon Jul 28 20:46:06.689119 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.production"] [unique_id "aIfFbg9nLjdPblA-25FXwwAAAAU"]
[Mon Jul 28 20:46:06.689301 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.production"] [unique_id "aIfFbg9nLjdPblA-25FXwwAAAAU"]
[Mon Jul 28 20:46:06.689453 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.production"] [unique_id "aIfFbg9nLjdPblA-25FXwwAAAAU"]
[Mon Jul 28 20:46:06.799626 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aIfFbg9nLjdPblA-25FXxwAAAAU"]
[Mon Jul 28 20:46:06.799823 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aIfFbg9nLjdPblA-25FXxwAAAAU"]
[Mon Jul 28 20:46:06.799996 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aIfFbg9nLjdPblA-25FXxwAAAAU"]
[Mon Jul 28 20:46:06.935576 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /containerregistry/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ContainerRegistry/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzQAAAAU"]
[Mon Jul 28 20:46:06.935787 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ContainerRegistry/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzQAAAAU"]
[Mon Jul 28 20:46:06.935988 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ContainerRegistry/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzQAAAAU"]
[Mon Jul 28 20:46:06.957708 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /containers/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/containers/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzgAAAAU"]
[Mon Jul 28 20:46:06.957902 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/containers/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzgAAAAU"]
[Mon Jul 28 20:46:06.958055 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/containers/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzgAAAAU"]
[Mon Jul 28 20:46:06.979800 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzwAAAAU"]
[Mon Jul 28 20:46:06.979995 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzwAAAAU"]
[Mon Jul 28 20:46:06.980154 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content/.env"] [unique_id "aIfFbg9nLjdPblA-25FXzwAAAAU"]
[Mon Jul 28 20:46:07.002011 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/control/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0AAAAAU"]
[Mon Jul 28 20:46:07.002233 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/control/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0AAAAAU"]
[Mon Jul 28 20:46:07.002447 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/control/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0AAAAAU"]
[Mon Jul 28 20:46:07.024307 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0QAAAAU"]
[Mon Jul 28 20:46:07.024546 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0QAAAAU"]
[Mon Jul 28 20:46:07.024712 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0QAAAAU"]
[Mon Jul 28 20:46:07.046534 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0gAAAAU"]
[Mon Jul 28 20:46:07.046754 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0gAAAAU"]
[Mon Jul 28 20:46:07.046920 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0gAAAAU"]
[Mon Jul 28 20:46:07.068792 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/persistence/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/persistence/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0wAAAAU"]
[Mon Jul 28 20:46:07.069001 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/persistence/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0wAAAAU"]
[Mon Jul 28 20:46:07.069162 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/persistence/.env"] [unique_id "aIfFbw9nLjdPblA-25FX0wAAAAU"]
[Mon Jul 28 20:46:07.092785 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/src/main/resources/org/jobrunr/dashboard/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/src/main/resources/org/jobrunr/dashboard/frontend/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1AAAAAU"]
[Mon Jul 28 20:46:07.093010 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/src/main/resources/org/jobrunr/dashboard/frontend/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1AAAAAU"]
[Mon Jul 28 20:46:07.093188 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/src/main/resources/org/jobrunr/dashboard/frontend/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1AAAAAU"]
[Mon Jul 28 20:46:07.114971 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /counterblockd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/counterblockd/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1QAAAAU"]
[Mon Jul 28 20:46:07.115175 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/counterblockd/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1QAAAAU"]
[Mon Jul 28 20:46:07.115355 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/counterblockd/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1QAAAAU"]
[Mon Jul 28 20:46:07.137267 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /counterwallet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/counterwallet/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1gAAAAU"]
[Mon Jul 28 20:46:07.137449 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/counterwallet/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1gAAAAU"]
[Mon Jul 28 20:46:07.137605 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/counterwallet/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1gAAAAU"]
[Mon Jul 28 20:46:07.159356 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1wAAAAU"]
[Mon Jul 28 20:46:07.159564 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1wAAAAU"]
[Mon Jul 28 20:46:07.159716 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cp/.env"] [unique_id "aIfFbw9nLjdPblA-25FX1wAAAAU"]
[Mon Jul 28 20:46:07.181837 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2AAAAAU"]
[Mon Jul 28 20:46:07.182057 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2AAAAAU"]
[Mon Jul 28 20:46:07.182217 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2AAAAAU"]
[Mon Jul 28 20:46:07.204107 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cryo_project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cryo_project/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2QAAAAU"]
[Mon Jul 28 20:46:07.204344 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cryo_project/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2QAAAAU"]
[Mon Jul 28 20:46:07.204548 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cryo_project/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2QAAAAU"]
[Mon Jul 28 20:46:07.226296 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /css/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2gAAAAU"]
[Mon Jul 28 20:46:07.226494 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2gAAAAU"]
[Mon Jul 28 20:46:07.226635 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/css/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2gAAAAU"]
[Mon Jul 28 20:46:07.248423 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /custom/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/custom/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2wAAAAU"]
[Mon Jul 28 20:46:07.248597 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/custom/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2wAAAAU"]
[Mon Jul 28 20:46:07.248738 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/custom/.env"] [unique_id "aIfFbw9nLjdPblA-25FX2wAAAAU"]
[Mon Jul 28 20:46:07.270543 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /d/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/d/.env"] [unique_id "aIfFbw9nLjdPblA-25FX3AAAAAU"]
[Mon Jul 28 20:46:07.270729 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/d/.env"] [unique_id "aIfFbw9nLjdPblA-25FX3AAAAAU"]
[Mon Jul 28 20:46:07.270880 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/d/.env"] [unique_id "aIfFbw9nLjdPblA-25FX3AAAAAU"]
[Mon Jul 28 20:46:07.391183 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4QAAAAU"]
[Mon Jul 28 20:46:07.391365 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4QAAAAU"]
[Mon Jul 28 20:46:07.391510 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4QAAAAU"]
[Mon Jul 28 20:46:07.413269 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4gAAAAU"]
[Mon Jul 28 20:46:07.413483 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4gAAAAU"]
[Mon Jul 28 20:46:07.413642 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4gAAAAU"]
[Mon Jul 28 20:46:07.435634 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dataset1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset1/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4wAAAAU"]
[Mon Jul 28 20:46:07.435822 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset1/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4wAAAAU"]
[Mon Jul 28 20:46:07.435976 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset1/.env"] [unique_id "aIfFbw9nLjdPblA-25FX4wAAAAU"]
[Mon Jul 28 20:46:07.457821 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dataset2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset2/.env"] [unique_id "aIfFbw9nLjdPblA-25FX5AAAAAU"]
[Mon Jul 28 20:46:07.457999 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset2/.env"] [unique_id "aIfFbw9nLjdPblA-25FX5AAAAAU"]
[Mon Jul 28 20:46:07.458166 2025] [:error] [pid 1530492] [client 185.177.72.201:42762] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dataset2/.env"] [unique_id "aIfFbw9nLjdPblA-25FX5AAAAAU"]
[Mon Jul 28 20:46:07.661278 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjbwAAAAc"]
[Mon Jul 28 20:46:07.661580 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjbwAAAAc"]
[Mon Jul 28 20:46:07.661736 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjbwAAAAc"]
[Mon Jul 28 20:46:07.681576 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjcAAAAAc"]
[Mon Jul 28 20:46:07.681879 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjcAAAAAc"]
[Mon Jul 28 20:46:07.682029 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aIfFb1cqnrybmcpdiyhjcAAAAAc"]
[Mon Jul 28 20:46:07.743941 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIfFb1cqnrybmcpdiyhjcwAAAAc"]
[Mon Jul 28 20:46:07.744235 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIfFb1cqnrybmcpdiyhjcwAAAAc"]
[Mon Jul 28 20:46:07.744396 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aIfFb1cqnrybmcpdiyhjcwAAAAc"]
[Mon Jul 28 20:46:07.848146 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /default/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/default/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeAAAAAc"]
[Mon Jul 28 20:46:07.848353 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/default/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeAAAAAc"]
[Mon Jul 28 20:46:07.848514 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/default/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeAAAAAc"]
[Mon Jul 28 20:46:07.868672 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /delivery/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/delivery/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeQAAAAc"]
[Mon Jul 28 20:46:07.868873 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/delivery/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeQAAAAc"]
[Mon Jul 28 20:46:07.869051 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/delivery/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjeQAAAAc"]
[Mon Jul 28 20:46:07.889020 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo-app/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjegAAAAc"]
[Mon Jul 28 20:46:07.889239 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo-app/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjegAAAAc"]
[Mon Jul 28 20:46:07.889425 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo-app/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjegAAAAc"]
[Mon Jul 28 20:46:07.922332 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjewAAAAc"]
[Mon Jul 28 20:46:07.922567 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjewAAAAc"]
[Mon Jul 28 20:46:07.922741 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/demo/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjewAAAAc"]
[Mon Jul 28 20:46:07.984785 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/deploy/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjfgAAAAc"]
[Mon Jul 28 20:46:07.984956 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/deploy/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjfgAAAAc"]
[Mon Jul 28 20:46:07.985109 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/deploy/.env"] [unique_id "aIfFb1cqnrybmcpdiyhjfgAAAAc"]
[Mon Jul 28 20:46:08.046883 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev-env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev-env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjgQAAAAc"]
[Mon Jul 28 20:46:08.047073 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev-env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjgQAAAAc"]
[Mon Jul 28 20:46:08.047237 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev-env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjgQAAAAc"]
[Mon Jul 28 20:46:08.087922 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aIfFcFcqnrybmcpdiyhjgwAAAAc"]
[Mon Jul 28 20:46:08.088127 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aIfFcFcqnrybmcpdiyhjgwAAAAc"]
[Mon Jul 28 20:46:08.088297 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env.local"] [unique_id "aIfFcFcqnrybmcpdiyhjgwAAAAc"]
[Mon Jul 28 20:46:08.108312 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev_env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev_env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhAAAAAc"]
[Mon Jul 28 20:46:08.108526 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev_env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhAAAAAc"]
[Mon Jul 28 20:46:08.108682 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev_env/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhAAAAAc"]
[Mon Jul 28 20:46:08.149774 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhgAAAAc"]
[Mon Jul 28 20:46:08.149952 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhgAAAAc"]
[Mon Jul 28 20:46:08.150118 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developer/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhgAAAAc"]
[Mon Jul 28 20:46:08.170114 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developerslv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhwAAAAc"]
[Mon Jul 28 20:46:08.170311 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhwAAAAc"]
[Mon Jul 28 20:46:08.170500 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/developerslv/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjhwAAAAc"]
[Mon Jul 28 20:46:08.190535 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiAAAAAc"]
[Mon Jul 28 20:46:08.190735 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiAAAAAc"]
[Mon Jul 28 20:46:08.190923 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiAAAAAc"]
[Mon Jul 28 20:46:08.252785 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /directories/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/directories/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiwAAAAc"]
[Mon Jul 28 20:46:08.252955 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/directories/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiwAAAAc"]
[Mon Jul 28 20:46:08.253103 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/directories/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjiwAAAAc"]
[Mon Jul 28 20:46:08.273251 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjAAAAAc"]
[Mon Jul 28 20:46:08.273441 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjAAAAAc"]
[Mon Jul 28 20:46:08.273603 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dist/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjAAAAAc"]
[Mon Jul 28 20:46:08.314882 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django-blog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/django-blog/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjgAAAAc"]
[Mon Jul 28 20:46:08.315056 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/django-blog/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjgAAAAc"]
[Mon Jul 28 20:46:08.315209 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/django-blog/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjgAAAAc"]
[Mon Jul 28 20:46:08.335139 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/django/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjwAAAAc"]
[Mon Jul 28 20:46:08.335309 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/django/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjwAAAAc"]
[Mon Jul 28 20:46:08.335460 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/django/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjjwAAAAc"]
[Mon Jul 28 20:46:08.355335 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /django_project_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkAAAAAc"]
[Mon Jul 28 20:46:08.355549 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkAAAAAc"]
[Mon Jul 28 20:46:08.355737 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/django_project_path/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkAAAAAc"]
[Mon Jul 28 20:46:08.375617 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /doc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkQAAAAc"]
[Mon Jul 28 20:46:08.375801 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkQAAAAc"]
[Mon Jul 28 20:46:08.375988 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/doc/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkQAAAAc"]
[Mon Jul 28 20:46:08.416667 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkwAAAAc"]
[Mon Jul 28 20:46:08.416847 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkwAAAAc"]
[Mon Jul 28 20:46:08.417005 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjkwAAAAc"]
[Mon Jul 28 20:46:08.436996 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-compose/platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlAAAAAc"]
[Mon Jul 28 20:46:08.437164 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlAAAAAc"]
[Mon Jul 28 20:46:08.437325 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-compose/platform/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlAAAAAc"]
[Mon Jul 28 20:46:08.457188 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-elk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-elk/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlQAAAAc"]
[Mon Jul 28 20:46:08.457358 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-elk/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlQAAAAc"]
[Mon Jul 28 20:46:08.457509 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-elk/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlQAAAAc"]
[Mon Jul 28 20:46:08.492977 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-network-healthcheck/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-network-healthcheck/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlgAAAAc"]
[Mon Jul 28 20:46:08.493146 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-network-healthcheck/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlgAAAAc"]
[Mon Jul 28 20:46:08.493306 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-network-healthcheck/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlgAAAAc"]
[Mon Jul 28 20:46:08.513400 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-node-mongo-redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlwAAAAc"]
[Mon Jul 28 20:46:08.513590 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlwAAAAc"]
[Mon Jul 28 20:46:08.513755 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker-node-mongo-redis/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjlwAAAAc"]
[Mon Jul 28 20:46:08.533728 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/compose/withmongo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withMongo/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmAAAAAc"]
[Mon Jul 28 20:46:08.533915 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withMongo/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmAAAAAc"]
[Mon Jul 28 20:46:08.534079 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withMongo/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmAAAAAc"]
[Mon Jul 28 20:46:08.553968 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/compose/withpostgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withPostgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmQAAAAc"]
[Mon Jul 28 20:46:08.554161 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withPostgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmQAAAAc"]
[Mon Jul 28 20:46:08.554328 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/compose/withPostgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmQAAAAc"]
[Mon Jul 28 20:46:08.574219 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/database/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmgAAAAc"]
[Mon Jul 28 20:46:08.574436 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/database/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmgAAAAc"]
[Mon Jul 28 20:46:08.574607 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/database/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmgAAAAc"]
[Mon Jul 28 20:46:08.594769 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/db/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/db/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmwAAAAc"]
[Mon Jul 28 20:46:08.594960 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/db/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmwAAAAc"]
[Mon Jul 28 20:46:08.595136 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/db/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjmwAAAAc"]
[Mon Jul 28 20:46:08.615103 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/dev/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnAAAAAc"]
[Mon Jul 28 20:46:08.615294 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/dev/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnAAAAAc"]
[Mon Jul 28 20:46:08.615460 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/dev/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnAAAAAc"]
[Mon Jul 28 20:46:08.635513 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/examples/compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/examples/compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnQAAAAc"]
[Mon Jul 28 20:46:08.635773 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/examples/compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnQAAAAc"]
[Mon Jul 28 20:46:08.635954 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/examples/compose/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnQAAAAc"]
[Mon Jul 28 20:46:08.655848 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/postgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjngAAAAc"]
[Mon Jul 28 20:46:08.656064 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/postgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjngAAAAc"]
[Mon Jul 28 20:46:08.656259 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/postgres/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjngAAAAc"]
[Mon Jul 28 20:46:08.676090 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/webdav/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/webdav/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnwAAAAc"]
[Mon Jul 28 20:46:08.676282 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/webdav/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnwAAAAc"]
[Mon Jul 28 20:46:08.676463 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/webdav/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjnwAAAAc"]
[Mon Jul 28 20:46:08.696352 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoAAAAAc"]
[Mon Jul 28 20:46:08.696533 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoAAAAAc"]
[Mon Jul 28 20:46:08.696692 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docs/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoAAAAAc"]
[Mon Jul 28 20:46:08.716736 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dodoswap-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoQAAAAc"]
[Mon Jul 28 20:46:08.716935 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoQAAAAc"]
[Mon Jul 28 20:46:08.717117 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dodoswap-client/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjoQAAAAc"]
[Mon Jul 28 20:46:08.737361 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dotfiles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dotfiles/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjogAAAAc"]
[Mon Jul 28 20:46:08.737539 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dotfiles/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjogAAAAc"]
[Mon Jul 28 20:46:08.737693 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dotfiles/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjogAAAAc"]
[Mon Jul 28 20:46:08.757683 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /download/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjowAAAAc"]
[Mon Jul 28 20:46:08.757861 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjowAAAAc"]
[Mon Jul 28 20:46:08.758016 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/download/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjowAAAAc"]
[Mon Jul 28 20:46:08.778017 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /downloads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpAAAAAc"]
[Mon Jul 28 20:46:08.778209 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpAAAAAc"]
[Mon Jul 28 20:46:08.778399 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/downloads/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpAAAAAc"]
[Mon Jul 28 20:46:08.798412 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpQAAAAc"]
[Mon Jul 28 20:46:08.798600 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpQAAAAc"]
[Mon Jul 28 20:46:08.798759 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/drupal/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpQAAAAc"]
[Mon Jul 28 20:46:08.818560 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIfFcFcqnrybmcpdiyhjpgAAAAc"]
[Mon Jul 28 20:46:08.818832 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIfFcFcqnrybmcpdiyhjpgAAAAc"]
[Mon Jul 28 20:46:08.818980 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aIfFcFcqnrybmcpdiyhjpgAAAAc"]
[Mon Jul 28 20:46:08.838840 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /e2e/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/e2e/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpwAAAAc"]
[Mon Jul 28 20:46:08.839028 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/e2e/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpwAAAAc"]
[Mon Jul 28 20:46:08.839180 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/e2e/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjpwAAAAc"]
[Mon Jul 28 20:46:08.859127 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqAAAAAc"]
[Mon Jul 28 20:46:08.859299 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqAAAAAc"]
[Mon Jul 28 20:46:08.859464 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqAAAAAc"]
[Mon Jul 28 20:46:08.879378 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /engine/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/engine/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqQAAAAc"]
[Mon Jul 28 20:46:08.879536 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/engine/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqQAAAAc"]
[Mon Jul 28 20:46:08.879690 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/engine/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjqQAAAAc"]
[Mon Jul 28 20:46:08.961748 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/dockers/mariadb-test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/mariadb-test/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrQAAAAc"]
[Mon Jul 28 20:46:08.961930 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/mariadb-test/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrQAAAAc"]
[Mon Jul 28 20:46:08.962077 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/mariadb-test/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrQAAAAc"]
[Mon Jul 28 20:46:08.982273 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/dockers/php-apache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/php-apache/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrgAAAAc"]
[Mon Jul 28 20:46:08.982467 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/php-apache/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrgAAAAc"]
[Mon Jul 28 20:46:08.982619 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/dockers/php-apache/.env"] [unique_id "aIfFcFcqnrybmcpdiyhjrgAAAAc"]
[Mon Jul 28 20:46:09.002592 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/example/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjrwAAAAc"]
[Mon Jul 28 20:46:09.002776 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjrwAAAAc"]
[Mon Jul 28 20:46:09.002931 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjrwAAAAc"]
[Mon Jul 28 20:46:09.046007 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/template/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/template/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsAAAAAc"]
[Mon Jul 28 20:46:09.046206 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/template/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsAAAAAc"]
[Mon Jul 28 20:46:09.046382 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/template/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsAAAAAc"]
[Mon Jul 28 20:46:09.066476 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environments/local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/local/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsQAAAAc"]
[Mon Jul 28 20:46:09.066678 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/local/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsQAAAAc"]
[Mon Jul 28 20:46:09.066850 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/local/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsQAAAAc"]
[Mon Jul 28 20:46:09.088360 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /environments/production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsgAAAAc"]
[Mon Jul 28 20:46:09.088583 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsgAAAAc"]
[Mon Jul 28 20:46:09.088749 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/environments/production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjsgAAAAc"]
[Mon Jul 28 20:46:09.108762 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /envs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/envs/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjswAAAAc"]
[Mon Jul 28 20:46:09.108951 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/envs/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjswAAAAc"]
[Mon Jul 28 20:46:09.109129 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/envs/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjswAAAAc"]
[Mon Jul 28 20:46:09.129117 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIfFcVcqnrybmcpdiyhjtAAAAAc"]
[Mon Jul 28 20:46:09.129392 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIfFcVcqnrybmcpdiyhjtAAAAAc"]
[Mon Jul 28 20:46:09.129553 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aIfFcVcqnrybmcpdiyhjtAAAAAc"]
[Mon Jul 28 20:46:09.149523 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /error/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/error/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtQAAAAc"]
[Mon Jul 28 20:46:09.149702 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtQAAAAc"]
[Mon Jul 28 20:46:09.149853 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtQAAAAc"]
[Mon Jul 28 20:46:09.170007 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /errors/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/errors/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtgAAAAc"]
[Mon Jul 28 20:46:09.170204 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/errors/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtgAAAAc"]
[Mon Jul 28 20:46:09.170392 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/errors/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtgAAAAc"]
[Mon Jul 28 20:46:09.190468 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /example/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtwAAAAc"]
[Mon Jul 28 20:46:09.190670 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtwAAAAc"]
[Mon Jul 28 20:46:09.190838 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjtwAAAAc"]
[Mon Jul 28 20:46:09.210996 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /example02-golang-package/import-underscore/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/example02-golang-package/import-underscore/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuAAAAAc"]
[Mon Jul 28 20:46:09.211184 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/example02-golang-package/import-underscore/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuAAAAAc"]
[Mon Jul 28 20:46:09.211354 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/example02-golang-package/import-underscore/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuAAAAAc"]
[Mon Jul 28 20:46:09.231299 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /example27-how-to-load-env/sample01/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample01/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuQAAAAc"]
[Mon Jul 28 20:46:09.231486 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample01/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuQAAAAc"]
[Mon Jul 28 20:46:09.231662 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample01/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuQAAAAc"]
[Mon Jul 28 20:46:09.251594 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /example27-how-to-load-env/sample02/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample02/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjugAAAAc"]
[Mon Jul 28 20:46:09.251777 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample02/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjugAAAAc"]
[Mon Jul 28 20:46:09.251933 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/example27-how-to-load-env/sample02/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjugAAAAc"]
[Mon Jul 28 20:46:09.271892 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuwAAAAc"]
[Mon Jul 28 20:46:09.272064 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuwAAAAc"]
[Mon Jul 28 20:46:09.272237 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjuwAAAAc"]
[Mon Jul 28 20:46:09.292868 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/01-simple-model/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/01-simple-model/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvAAAAAc"]
[Mon Jul 28 20:46:09.293046 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/01-simple-model/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvAAAAAc"]
[Mon Jul 28 20:46:09.293206 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/01-simple-model/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvAAAAAc"]
[Mon Jul 28 20:46:09.313226 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/02-complex-example/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/02-complex-example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvQAAAAc"]
[Mon Jul 28 20:46:09.313419 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/02-complex-example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvQAAAAc"]
[Mon Jul 28 20:46:09.313585 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/02-complex-example/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvQAAAAc"]
[Mon Jul 28 20:46:09.333630 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/03-one-to-many-relationship/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/03-one-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvgAAAAc"]
[Mon Jul 28 20:46:09.333808 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/03-one-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvgAAAAc"]
[Mon Jul 28 20:46:09.333966 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/03-one-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvgAAAAc"]
[Mon Jul 28 20:46:09.353906 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/04-many-to-many-relationship/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/04-many-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvwAAAAc"]
[Mon Jul 28 20:46:09.354079 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/04-many-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvwAAAAc"]
[Mon Jul 28 20:46:09.354245 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/04-many-to-many-relationship/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjvwAAAAc"]
[Mon Jul 28 20:46:09.375755 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/05-migrations/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/05-migrations/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwAAAAAc"]
[Mon Jul 28 20:46:09.375941 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/05-migrations/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwAAAAAc"]
[Mon Jul 28 20:46:09.376108 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/05-migrations/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwAAAAAc"]
[Mon Jul 28 20:46:09.396189 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/06-base-service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/06-base-service/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwQAAAAc"]
[Mon Jul 28 20:46:09.396370 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/06-base-service/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwQAAAAc"]
[Mon Jul 28 20:46:09.396538 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/06-base-service/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwQAAAAc"]
[Mon Jul 28 20:46:09.416653 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/07-feature-flags/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/07-feature-flags/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwgAAAAc"]
[Mon Jul 28 20:46:09.416840 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/07-feature-flags/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwgAAAAc"]
[Mon Jul 28 20:46:09.417004 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/07-feature-flags/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwgAAAAc"]
[Mon Jul 28 20:46:09.436946 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/08-performance/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/08-performance/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwwAAAAc"]
[Mon Jul 28 20:46:09.437120 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/08-performance/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwwAAAAc"]
[Mon Jul 28 20:46:09.437283 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/08-performance/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjwwAAAAc"]
[Mon Jul 28 20:46:09.457293 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/09-production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/09-production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxAAAAAc"]
[Mon Jul 28 20:46:09.457460 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/09-production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxAAAAAc"]
[Mon Jul 28 20:46:09.457610 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/09-production/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxAAAAAc"]
[Mon Jul 28 20:46:09.477701 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/10-subscriptions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/10-subscriptions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxQAAAAc"]
[Mon Jul 28 20:46:09.477866 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/10-subscriptions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxQAAAAc"]
[Mon Jul 28 20:46:09.478037 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/10-subscriptions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxQAAAAc"]
[Mon Jul 28 20:46:09.498785 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/11-transactions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/11-transactions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxgAAAAc"]
[Mon Jul 28 20:46:09.498966 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/11-transactions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxgAAAAc"]
[Mon Jul 28 20:46:09.499130 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/11-transactions/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxgAAAAc"]
[Mon Jul 28 20:46:09.519904 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/drupal-separate-services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/drupal-separate-services/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxwAAAAc"]
[Mon Jul 28 20:46:09.520082 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/drupal-separate-services/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxwAAAAc"]
[Mon Jul 28 20:46:09.520264 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/drupal-separate-services/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjxwAAAAc"]
[Mon Jul 28 20:46:09.540177 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/react-dashboard/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/react-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyAAAAAc"]
[Mon Jul 28 20:46:09.540352 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/react-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyAAAAAc"]
[Mon Jul 28 20:46:09.540510 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/react-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyAAAAAc"]
[Mon Jul 28 20:46:09.560582 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/sdl-first/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyQAAAAc"]
[Mon Jul 28 20:46:09.560774 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyQAAAAc"]
[Mon Jul 28 20:46:09.560949 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjyQAAAAc"]
[Mon Jul 28 20:46:09.581042 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/sdl-first/prisma/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/prisma/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjygAAAAc"]
[Mon Jul 28 20:46:09.581233 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/prisma/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjygAAAAc"]
[Mon Jul 28 20:46:09.581399 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/sdl-first/prisma/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjygAAAAc"]
[Mon Jul 28 20:46:09.601391 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/vue-dashboard/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/vue-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjywAAAAc"]
[Mon Jul 28 20:46:09.601574 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/vue-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjywAAAAc"]
[Mon Jul 28 20:46:09.601739 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/vue-dashboard/backend/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjywAAAAc"]
[Mon Jul 28 20:46:09.621864 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/web/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzAAAAAc"]
[Mon Jul 28 20:46:09.622050 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/web/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzAAAAAc"]
[Mon Jul 28 20:46:09.622211 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/web/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzAAAAAc"]
[Mon Jul 28 20:46:09.642401 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-cookie-auth-fauna/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-cookie-auth-fauna/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzQAAAAc"]
[Mon Jul 28 20:46:09.642580 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-cookie-auth-fauna/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzQAAAAc"]
[Mon Jul 28 20:46:09.642735 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-cookie-auth-fauna/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzQAAAAc"]
[Mon Jul 28 20:46:09.662870 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-dotenv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzgAAAAc"]
[Mon Jul 28 20:46:09.663055 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzgAAAAc"]
[Mon Jul 28 20:46:09.663214 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-dotenv/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzgAAAAc"]
[Mon Jul 28 20:46:09.683263 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-firebase-authentication-serverless/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-firebase-authentication-serverless/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzwAAAAc"]
[Mon Jul 28 20:46:09.683460 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-firebase-authentication-serverless/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzwAAAAc"]
[Mon Jul 28 20:46:09.683647 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-firebase-authentication-serverless/.env"] [unique_id "aIfFcVcqnrybmcpdiyhjzwAAAAc"]
[Mon Jul 28 20:46:09.703689 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-react-relay-network-modern/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-react-relay-network-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0AAAAAc"]
[Mon Jul 28 20:46:09.703901 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-react-relay-network-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0AAAAAc"]
[Mon Jul 28 20:46:09.704083 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-react-relay-network-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0AAAAAc"]
[Mon Jul 28 20:46:09.726017 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-relay-modern/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-relay-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0QAAAAc"]
[Mon Jul 28 20:46:09.726233 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-relay-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0QAAAAc"]
[Mon Jul 28 20:46:09.726431 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-relay-modern/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0QAAAAc"]
[Mon Jul 28 20:46:09.746511 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /examples/with-universal-configuration-build-time/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-universal-configuration-build-time/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0gAAAAc"]
[Mon Jul 28 20:46:09.746722 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-universal-configuration-build-time/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0gAAAAc"]
[Mon Jul 28 20:46:09.746885 2025] [:error] [pid 1533944] [client 185.177.72.201:42766] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/examples/with-universal-configuration-build-time/.env"] [unique_id "aIfFcVcqnrybmcpdiyhj0gAAAAc"]
[Mon Jul 28 20:46:09.906286 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exercise.frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/.env"] [unique_id "aIfFccc5NK034Azyi1-IjgAAAAA"]
[Mon Jul 28 20:46:09.906553 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/.env"] [unique_id "aIfFccc5NK034Azyi1-IjgAAAAA"]
[Mon Jul 28 20:46:09.906739 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/.env"] [unique_id "aIfFccc5NK034Azyi1-IjgAAAAA"]
[Mon Jul 28 20:46:09.926964 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exercise.frontend/train/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/train/.env"] [unique_id "aIfFccc5NK034Azyi1-IjwAAAAA"]
[Mon Jul 28 20:46:09.927181 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/train/.env"] [unique_id "aIfFccc5NK034Azyi1-IjwAAAAA"]
[Mon Jul 28 20:46:09.927333 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Exercise.Frontend/train/.env"] [unique_id "aIfFccc5NK034Azyi1-IjwAAAAA"]
[Mon Jul 28 20:46:09.947787 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /export/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aIfFccc5NK034Azyi1-IkAAAAAA"]
[Mon Jul 28 20:46:09.947992 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aIfFccc5NK034Azyi1-IkAAAAAA"]
[Mon Jul 28 20:46:09.948146 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/export/.env"] [unique_id "aIfFccc5NK034Azyi1-IkAAAAAA"]
[Mon Jul 28 20:46:09.968188 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fastlane/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fastlane/.env"] [unique_id "aIfFccc5NK034Azyi1-IkQAAAAA"]
[Mon Jul 28 20:46:09.968388 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fastlane/.env"] [unique_id "aIfFccc5NK034Azyi1-IkQAAAAA"]
[Mon Jul 28 20:46:09.968544 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fastlane/.env"] [unique_id "aIfFccc5NK034Azyi1-IkQAAAAA"]
[Mon Jul 28 20:46:09.988666 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /favicons/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/favicons/.env"] [unique_id "aIfFccc5NK034Azyi1-IkgAAAAA"]
[Mon Jul 28 20:46:09.988851 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/favicons/.env"] [unique_id "aIfFccc5NK034Azyi1-IkgAAAAA"]
[Mon Jul 28 20:46:09.989020 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/favicons/.env"] [unique_id "aIfFccc5NK034Azyi1-IkgAAAAA"]
[Mon Jul 28 20:46:10.009065 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /favs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/favs/.env"] [unique_id "aIfFcsc5NK034Azyi1-IkwAAAAA"]
[Mon Jul 28 20:46:10.009252 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/favs/.env"] [unique_id "aIfFcsc5NK034Azyi1-IkwAAAAA"]
[Mon Jul 28 20:46:10.009399 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/favs/.env"] [unique_id "aIfFcsc5NK034Azyi1-IkwAAAAA"]
[Mon Jul 28 20:46:10.029449 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fe/huey/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/FE/huey/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlAAAAAA"]
[Mon Jul 28 20:46:10.029629 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/FE/huey/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlAAAAAA"]
[Mon Jul 28 20:46:10.029797 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/FE/huey/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlAAAAAA"]
[Mon Jul 28 20:46:10.049971 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fedex/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fedex/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlQAAAAA"]
[Mon Jul 28 20:46:10.050149 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fedex/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlQAAAAA"]
[Mon Jul 28 20:46:10.050307 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fedex/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlQAAAAA"]
[Mon Jul 28 20:46:10.070431 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fhir-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fhir-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlgAAAAA"]
[Mon Jul 28 20:46:10.070603 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fhir-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlgAAAAA"]
[Mon Jul 28 20:46:10.070781 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fhir-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlgAAAAA"]
[Mon Jul 28 20:46:10.094963 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlwAAAAA"]
[Mon Jul 28 20:46:10.095168 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlwAAAAA"]
[Mon Jul 28 20:46:10.095349 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/files/.env"] [unique_id "aIfFcsc5NK034Azyi1-IlwAAAAA"]
[Mon Jul 28 20:46:10.115388 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fileserver/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fileserver/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImAAAAAA"]
[Mon Jul 28 20:46:10.115587 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fileserver/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImAAAAAA"]
[Mon Jul 28 20:46:10.115761 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fileserver/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImAAAAAA"]
[Mon Jul 28 20:46:10.135996 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /films/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImQAAAAA"]
[Mon Jul 28 20:46:10.136231 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImQAAAAA"]
[Mon Jul 28 20:46:10.136402 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/films/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImQAAAAA"]
[Mon Jul 28 20:46:10.157265 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /final_project/airflow_dag/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/Airflow_Dag/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImgAAAAA"]
[Mon Jul 28 20:46:10.157491 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/Airflow_Dag/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImgAAAAA"]
[Mon Jul 28 20:46:10.157676 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/Airflow_Dag/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImgAAAAA"]
[Mon Jul 28 20:46:10.178547 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /final_project/kafka_twitter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/kafka_twitter/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImwAAAAA"]
[Mon Jul 28 20:46:10.178755 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/kafka_twitter/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImwAAAAA"]
[Mon Jul 28 20:46:10.178952 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/kafka_twitter/.env"] [unique_id "aIfFcsc5NK034Azyi1-ImwAAAAA"]
[Mon Jul 28 20:46:10.199342 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /final_project/startingfile/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/StartingFile/.env"] [unique_id "aIfFcsc5NK034Azyi1-InAAAAAA"]
[Mon Jul 28 20:46:10.199558 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/StartingFile/.env"] [unique_id "aIfFcsc5NK034Azyi1-InAAAAAA"]
[Mon Jul 28 20:46:10.199736 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Final_Project/StartingFile/.env"] [unique_id "aIfFcsc5NK034Azyi1-InAAAAAA"]
[Mon Jul 28 20:46:10.219727 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /finalversion/lcomernbootcamp/projbackend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/finalVersion/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFcsc5NK034Azyi1-InQAAAAA"]
[Mon Jul 28 20:46:10.219956 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/finalVersion/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFcsc5NK034Azyi1-InQAAAAA"]
[Mon Jul 28 20:46:10.220117 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/finalVersion/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFcsc5NK034Azyi1-InQAAAAA"]
[Mon Jul 28 20:46:10.261399 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /first-network/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/first-network/.env"] [unique_id "aIfFcsc5NK034Azyi1-InwAAAAA"]
[Mon Jul 28 20:46:10.261581 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/first-network/.env"] [unique_id "aIfFcsc5NK034Azyi1-InwAAAAA"]
[Mon Jul 28 20:46:10.261730 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/first-network/.env"] [unique_id "aIfFcsc5NK034Azyi1-InwAAAAA"]
[Mon Jul 28 20:46:10.281784 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /first_config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/FIRST_CONFIG/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoAAAAAA"]
[Mon Jul 28 20:46:10.281977 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/FIRST_CONFIG/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoAAAAAA"]
[Mon Jul 28 20:46:10.282141 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/FIRST_CONFIG/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoAAAAAA"]
[Mon Jul 28 20:46:10.302139 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fisdom/fisdom/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fisdom/fisdom/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoQAAAAA"]
[Mon Jul 28 20:46:10.302309 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fisdom/fisdom/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoQAAAAA"]
[Mon Jul 28 20:46:10.302480 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fisdom/fisdom/.env"] [unique_id "aIfFcsc5NK034Azyi1-IoQAAAAA"]
[Mon Jul 28 20:46:10.323101 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fixtures/blocks/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/blocks/.env"] [unique_id "aIfFcsc5NK034Azyi1-IogAAAAA"]
[Mon Jul 28 20:46:10.323266 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/blocks/.env"] [unique_id "aIfFcsc5NK034Azyi1-IogAAAAA"]
[Mon Jul 28 20:46:10.323440 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/blocks/.env"] [unique_id "aIfFcsc5NK034Azyi1-IogAAAAA"]
[Mon Jul 28 20:46:10.343838 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fixtures/fiber-debugger/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/fiber-debugger/.env"] [unique_id "aIfFcsc5NK034Azyi1-IowAAAAA"]
[Mon Jul 28 20:46:10.344046 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/fiber-debugger/.env"] [unique_id "aIfFcsc5NK034Azyi1-IowAAAAA"]
[Mon Jul 28 20:46:10.344241 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/fiber-debugger/.env"] [unique_id "aIfFcsc5NK034Azyi1-IowAAAAA"]
[Mon Jul 28 20:46:10.364346 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fixtures/flight/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/flight/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpAAAAAA"]
[Mon Jul 28 20:46:10.364564 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/flight/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpAAAAAA"]
[Mon Jul 28 20:46:10.364739 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/flight/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpAAAAAA"]
[Mon Jul 28 20:46:10.384759 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fixtures/kitchensink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/kitchensink/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpQAAAAA"]
[Mon Jul 28 20:46:10.384937 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/kitchensink/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpQAAAAA"]
[Mon Jul 28 20:46:10.385090 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fixtures/kitchensink/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpQAAAAA"]
[Mon Jul 28 20:46:10.405031 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flask/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpgAAAAA"]
[Mon Jul 28 20:46:10.405207 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flask/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpgAAAAA"]
[Mon Jul 28 20:46:10.405359 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flask/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpgAAAAA"]
[Mon Jul 28 20:46:10.434410 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask_test_uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/flask_test_uploads/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpwAAAAA"]
[Mon Jul 28 20:46:10.434640 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/flask_test_uploads/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpwAAAAA"]
[Mon Jul 28 20:46:10.434798 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/flask_test_uploads/.env"] [unique_id "aIfFcsc5NK034Azyi1-IpwAAAAA"]
[Mon Jul 28 20:46:10.454941 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fm/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqAAAAAA"]
[Mon Jul 28 20:46:10.455114 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fm/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqAAAAAA"]
[Mon Jul 28 20:46:10.455264 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fm/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqAAAAAA"]
[Mon Jul 28 20:46:10.475492 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /font-icons/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/font-icons/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqQAAAAA"]
[Mon Jul 28 20:46:10.475747 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/font-icons/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqQAAAAA"]
[Mon Jul 28 20:46:10.475967 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/font-icons/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqQAAAAA"]
[Mon Jul 28 20:46:10.496102 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fonts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/fonts/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqgAAAAA"]
[Mon Jul 28 20:46:10.496396 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/fonts/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqgAAAAA"]
[Mon Jul 28 20:46:10.496620 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/fonts/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqgAAAAA"]
[Mon Jul 28 20:46:10.516855 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /framework/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/framework/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqwAAAAA"]
[Mon Jul 28 20:46:10.517130 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/framework/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqwAAAAA"]
[Mon Jul 28 20:46:10.517355 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/framework/.env"] [unique_id "aIfFcsc5NK034Azyi1-IqwAAAAA"]
[Mon Jul 28 20:46:10.537455 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/front-app/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrAAAAAA"]
[Mon Jul 28 20:46:10.537637 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/front-app/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrAAAAAA"]
[Mon Jul 28 20:46:10.537791 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/front-app/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrAAAAAA"]
[Mon Jul 28 20:46:10.557800 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front-empathy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/front-empathy/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrQAAAAA"]
[Mon Jul 28 20:46:10.558009 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/front-empathy/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrQAAAAA"]
[Mon Jul 28 20:46:10.558169 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/front-empathy/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrQAAAAA"]
[Mon Jul 28 20:46:10.578145 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front-end/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/front-end/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrgAAAAA"]
[Mon Jul 28 20:46:10.578335 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/front-end/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrgAAAAA"]
[Mon Jul 28 20:46:10.578508 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/front-end/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrgAAAAA"]
[Mon Jul 28 20:46:10.598674 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrwAAAAA"]
[Mon Jul 28 20:46:10.598881 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrwAAAAA"]
[Mon Jul 28 20:46:10.599023 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/front/.env"] [unique_id "aIfFcsc5NK034Azyi1-IrwAAAAA"]
[Mon Jul 28 20:46:10.619458 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/front/src/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsAAAAAA"]
[Mon Jul 28 20:46:10.619635 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/front/src/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsAAAAAA"]
[Mon Jul 28 20:46:10.619781 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/front/src/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsAAAAAA"]
[Mon Jul 28 20:46:10.639857 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/momentum-fe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/momentum-fe/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsQAAAAA"]
[Mon Jul 28 20:46:10.640060 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/momentum-fe/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsQAAAAA"]
[Mon Jul 28 20:46:10.640238 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/momentum-fe/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsQAAAAA"]
[Mon Jul 28 20:46:10.660373 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/react/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsgAAAAA"]
[Mon Jul 28 20:46:10.660566 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/react/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsgAAAAA"]
[Mon Jul 28 20:46:10.660730 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/react/.env"] [unique_id "aIfFcsc5NK034Azyi1-IsgAAAAA"]
[Mon Jul 28 20:46:10.680900 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/vue/.env"] [unique_id "aIfFcsc5NK034Azyi1-IswAAAAA"]
[Mon Jul 28 20:46:10.681097 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/vue/.env"] [unique_id "aIfFcsc5NK034Azyi1-IswAAAAA"]
[Mon Jul 28 20:46:10.681243 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/vue/.env"] [unique_id "aIfFcsc5NK034Azyi1-IswAAAAA"]
[Mon Jul 28 20:46:10.723027 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontendfinaltest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontendfinaltest/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItQAAAAA"]
[Mon Jul 28 20:46:10.723282 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontendfinaltest/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItQAAAAA"]
[Mon Jul 28 20:46:10.723491 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontendfinaltest/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItQAAAAA"]
[Mon Jul 28 20:46:10.743870 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ftp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ftp/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItgAAAAA"]
[Mon Jul 28 20:46:10.744103 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ftp/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItgAAAAA"]
[Mon Jul 28 20:46:10.744290 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ftp/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItgAAAAA"]
[Mon Jul 28 20:46:10.764548 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ftpmaster/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItwAAAAA"]
[Mon Jul 28 20:46:10.764799 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItwAAAAA"]
[Mon Jul 28 20:46:10.764977 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ftpmaster/.env"] [unique_id "aIfFcsc5NK034Azyi1-ItwAAAAA"]
[Mon Jul 28 20:46:10.785267 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aIfFcsc5NK034Azyi1-IuAAAAAA"]
[Mon Jul 28 20:46:10.785500 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aIfFcsc5NK034Azyi1-IuAAAAAA"]
[Mon Jul 28 20:46:10.785712 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aIfFcsc5NK034Azyi1-IuAAAAAA"]
[Mon Jul 28 20:46:10.827440 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/gcp/.env"] [unique_id "aIfFcsc5NK034Azyi1-IugAAAAA"]
[Mon Jul 28 20:46:10.827680 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/gcp/.env"] [unique_id "aIfFcsc5NK034Azyi1-IugAAAAA"]
[Mon Jul 28 20:46:10.827865 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/gcp/.env"] [unique_id "aIfFcsc5NK034Azyi1-IugAAAAA"]
[Mon Jul 28 20:46:10.916101 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github-connect/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/github-connect/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvgAAAAA"]
[Mon Jul 28 20:46:10.916329 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/github-connect/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvgAAAAA"]
[Mon Jul 28 20:46:10.916497 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/github-connect/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvgAAAAA"]
[Mon Jul 28 20:46:10.936868 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /google/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/google/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvwAAAAA"]
[Mon Jul 28 20:46:10.937105 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/google/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvwAAAAA"]
[Mon Jul 28 20:46:10.937318 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/google/.env"] [unique_id "aIfFcsc5NK034Azyi1-IvwAAAAA"]
[Mon Jul 28 20:46:10.999639 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grems-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IwgAAAAA"]
[Mon Jul 28 20:46:10.999858 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IwgAAAAA"]
[Mon Jul 28 20:46:11.000023 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-api/.env"] [unique_id "aIfFcsc5NK034Azyi1-IwgAAAAA"]
[Mon Jul 28 20:46:11.020202 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grems-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IwwAAAAA"]
[Mon Jul 28 20:46:11.020436 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IwwAAAAA"]
[Mon Jul 28 20:46:11.020618 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/grems-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IwwAAAAA"]
[Mon Jul 28 20:46:11.041070 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hash/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Hash/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxAAAAAA"]
[Mon Jul 28 20:46:11.041307 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Hash/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxAAAAAA"]
[Mon Jul 28 20:46:11.041490 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Hash/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxAAAAAA"]
[Mon Jul 28 20:46:11.061786 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hasura/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hasura/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxQAAAAA"]
[Mon Jul 28 20:46:11.062017 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hasura/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxQAAAAA"]
[Mon Jul 28 20:46:11.062189 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hasura/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxQAAAAA"]
[Mon Jul 28 20:46:11.103597 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /helmetjs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Helmetjs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxwAAAAA"]
[Mon Jul 28 20:46:11.103838 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Helmetjs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxwAAAAA"]
[Mon Jul 28 20:46:11.104015 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Helmetjs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IxwAAAAA"]
[Mon Jul 28 20:46:11.124249 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hgs-static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hgs-static/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyAAAAAA"]
[Mon Jul 28 20:46:11.124485 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hgs-static/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyAAAAAA"]
[Mon Jul 28 20:46:11.124659 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hgs-static/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyAAAAAA"]
[Mon Jul 28 20:46:11.144946 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /higlass-website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/higlass-website/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyQAAAAA"]
[Mon Jul 28 20:46:11.145929 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/higlass-website/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyQAAAAA"]
[Mon Jul 28 20:46:11.146149 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/higlass-website/.env"] [unique_id "aIfFc8c5NK034Azyi1-IyQAAAAA"]
[Mon Jul 28 20:46:11.166446 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /home/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aIfFc8c5NK034Azyi1-IygAAAAA"]
[Mon Jul 28 20:46:11.167324 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aIfFc8c5NK034Azyi1-IygAAAAA"]
[Mon Jul 28 20:46:11.167510 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/home/.env"] [unique_id "aIfFc8c5NK034Azyi1-IygAAAAA"]
[Mon Jul 28 20:46:11.187927 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /horde/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/horde/.env"] [unique_id "aIfFc8c5NK034Azyi1-IywAAAAA"]
[Mon Jul 28 20:46:11.188164 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/horde/.env"] [unique_id "aIfFc8c5NK034Azyi1-IywAAAAA"]
[Mon Jul 28 20:46:11.188344 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/horde/.env"] [unique_id "aIfFc8c5NK034Azyi1-IywAAAAA"]
[Mon Jul 28 20:46:11.208618 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hotpot-app-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzAAAAAA"]
[Mon Jul 28 20:46:11.208855 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzAAAAAA"]
[Mon Jul 28 20:46:11.209026 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hotpot-app-frontend/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzAAAAAA"]
[Mon Jul 28 20:46:11.229376 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzQAAAAA"]
[Mon Jul 28 20:46:11.229603 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzQAAAAA"]
[Mon Jul 28 20:46:11.229762 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/htdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzQAAAAA"]
[Mon Jul 28 20:46:11.249973 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzgAAAAA"]
[Mon Jul 28 20:46:11.250211 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzgAAAAA"]
[Mon Jul 28 20:46:11.250397 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzgAAAAA"]
[Mon Jul 28 20:46:11.270606 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /http/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzwAAAAA"]
[Mon Jul 28 20:46:11.270826 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzwAAAAA"]
[Mon Jul 28 20:46:11.270994 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/http/.env"] [unique_id "aIfFc8c5NK034Azyi1-IzwAAAAA"]
[Mon Jul 28 20:46:11.291140 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /httpboot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/httpboot/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0AAAAAA"]
[Mon Jul 28 20:46:11.291358 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/httpboot/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0AAAAAA"]
[Mon Jul 28 20:46:11.291532 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/httpboot/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0AAAAAA"]
[Mon Jul 28 20:46:11.311742 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /httpdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/httpdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0QAAAAA"]
[Mon Jul 28 20:46:11.312004 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/httpdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0QAAAAA"]
[Mon Jul 28 20:46:11.312175 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/httpdocs/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0QAAAAA"]
[Mon Jul 28 20:46:11.332378 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /huniv_migration/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/HUNIV_migration/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0gAAAAA"]
[Mon Jul 28 20:46:11.332626 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/HUNIV_migration/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0gAAAAA"]
[Mon Jul 28 20:46:11.332815 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/HUNIV_migration/.env"] [unique_id "aIfFc8c5NK034Azyi1-I0gAAAAA"]
[Mon Jul 28 20:46:11.374531 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /icon/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1AAAAAA"]
[Mon Jul 28 20:46:11.374770 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1AAAAAA"]
[Mon Jul 28 20:46:11.374949 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/icon/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1AAAAAA"]
[Mon Jul 28 20:46:11.395313 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /icons/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/icons/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1QAAAAA"]
[Mon Jul 28 20:46:11.395539 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/icons/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1QAAAAA"]
[Mon Jul 28 20:46:11.395710 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/icons/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1QAAAAA"]
[Mon Jul 28 20:46:11.416117 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ikiwiki/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ikiwiki/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1gAAAAA"]
[Mon Jul 28 20:46:11.416338 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ikiwiki/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1gAAAAA"]
[Mon Jul 28 20:46:11.416508 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ikiwiki/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1gAAAAA"]
[Mon Jul 28 20:46:11.456609 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /image_data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1wAAAAA"]
[Mon Jul 28 20:46:11.456833 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1wAAAAA"]
[Mon Jul 28 20:46:11.457001 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/image_data/.env"] [unique_id "aIfFc8c5NK034Azyi1-I1wAAAAA"]
[Mon Jul 28 20:46:11.477253 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /imagebord/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Imagebord/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2AAAAAA"]
[Mon Jul 28 20:46:11.477457 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Imagebord/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2AAAAAA"]
[Mon Jul 28 20:46:11.477606 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Imagebord/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2AAAAAA"]
[Mon Jul 28 20:46:11.497722 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2QAAAAA"]
[Mon Jul 28 20:46:11.497932 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2QAAAAA"]
[Mon Jul 28 20:46:11.498090 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/images/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2QAAAAA"]
[Mon Jul 28 20:46:11.518880 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /img/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/img/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2gAAAAA"]
[Mon Jul 28 20:46:11.519088 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/img/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2gAAAAA"]
[Mon Jul 28 20:46:11.519235 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/img/.env"] [unique_id "aIfFc8c5NK034Azyi1-I2gAAAAA"]
[Mon Jul 28 20:46:11.581478 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aIfFc8c5NK034Azyi1-I3QAAAAA"]
[Mon Jul 28 20:46:11.581669 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aIfFc8c5NK034Azyi1-I3QAAAAA"]
[Mon Jul 28 20:46:11.581844 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aIfFc8c5NK034Azyi1-I3QAAAAA"]
[Mon Jul 28 20:46:11.856265 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /install/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/install/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6gAAAAA"]
[Mon Jul 28 20:46:11.856466 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/install/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6gAAAAA"]
[Mon Jul 28 20:46:11.856624 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/install/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6gAAAAA"]
[Mon Jul 28 20:46:11.876720 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /instantcv/server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/InstantCV/server/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6wAAAAA"]
[Mon Jul 28 20:46:11.876939 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/InstantCV/server/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6wAAAAA"]
[Mon Jul 28 20:46:11.877100 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/InstantCV/server/.env"] [unique_id "aIfFc8c5NK034Azyi1-I6wAAAAA"]
[Mon Jul 28 20:46:11.980827 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /items/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/items/.env"] [unique_id "aIfFc8c5NK034Azyi1-I8AAAAAA"]
[Mon Jul 28 20:46:11.981016 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/items/.env"] [unique_id "aIfFc8c5NK034Azyi1-I8AAAAAA"]
[Mon Jul 28 20:46:11.981173 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/items/.env"] [unique_id "aIfFc8c5NK034Azyi1-I8AAAAAA"]
[Mon Jul 28 20:46:12.001394 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /javascript/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/javascript/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8QAAAAA"]
[Mon Jul 28 20:46:12.001571 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/javascript/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8QAAAAA"]
[Mon Jul 28 20:46:12.001716 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/javascript/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8QAAAAA"]
[Mon Jul 28 20:46:12.021857 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/jenkins/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8gAAAAA"]
[Mon Jul 28 20:46:12.022050 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/jenkins/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8gAAAAA"]
[Mon Jul 28 20:46:12.022224 2025] [:error] [pid 1534264] [client 185.177.72.201:36186] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/jenkins/.env"] [unique_id "aIfFdMc5NK034Azyi1-I8gAAAAA"]
[Mon Jul 28 20:46:12.178611 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/joomla/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpcwAAAAY"]
[Mon Jul 28 20:46:12.178893 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/joomla/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpcwAAAAY"]
[Mon Jul 28 20:46:12.179110 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/joomla/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpcwAAAAY"]
[Mon Jul 28 20:46:12.201175 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js-plugin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js-plugin/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpdAAAAAY"]
[Mon Jul 28 20:46:12.201447 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js-plugin/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpdAAAAAY"]
[Mon Jul 28 20:46:12.201644 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js-plugin/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpdAAAAAY"]
[Mon Jul 28 20:46:12.383680 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jsrelay/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/jsrelay/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfAAAAAY"]
[Mon Jul 28 20:46:12.383863 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/jsrelay/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfAAAAAY"]
[Mon Jul 28 20:46:12.384023 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/jsrelay/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfAAAAAY"]
[Mon Jul 28 20:46:12.405807 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jupyter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/jupyter/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfQAAAAY"]
[Mon Jul 28 20:46:12.405990 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/jupyter/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfQAAAAY"]
[Mon Jul 28 20:46:12.406173 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/jupyter/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfQAAAAY"]
[Mon Jul 28 20:46:12.428336 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /khanlinks/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/khanlinks/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfgAAAAY"]
[Mon Jul 28 20:46:12.428546 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/khanlinks/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfgAAAAY"]
[Mon Jul 28 20:46:12.428729 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/khanlinks/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfgAAAAY"]
[Mon Jul 28 20:46:12.450557 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kibana/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kibana/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfwAAAAY"]
[Mon Jul 28 20:46:12.450753 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kibana/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfwAAAAY"]
[Mon Jul 28 20:46:12.450931 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kibana/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpfwAAAAY"]
[Mon Jul 28 20:46:12.474072 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kodenames-server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kodenames-server/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgAAAAAY"]
[Mon Jul 28 20:46:12.474291 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kodenames-server/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgAAAAAY"]
[Mon Jul 28 20:46:12.474491 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kodenames-server/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgAAAAAY"]
[Mon Jul 28 20:46:12.496416 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kolab-syncroton/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kolab-syncroton/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgQAAAAY"]
[Mon Jul 28 20:46:12.496635 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kolab-syncroton/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgQAAAAY"]
[Mon Jul 28 20:46:12.496819 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kolab-syncroton/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgQAAAAY"]
[Mon Jul 28 20:46:12.518686 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpggAAAAY"]
[Mon Jul 28 20:46:12.518905 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpggAAAAY"]
[Mon Jul 28 20:46:12.519069 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpggAAAAY"]
[Mon Jul 28 20:46:12.540811 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgwAAAAY"]
[Mon Jul 28 20:46:12.541009 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgwAAAAY"]
[Mon Jul 28 20:46:12.541171 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpgwAAAAY"]
[Mon Jul 28 20:46:12.590022 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphQAAAAY"]
[Mon Jul 28 20:46:12.590238 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphQAAAAY"]
[Mon Jul 28 20:46:12.590424 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphQAAAAY"]
[Mon Jul 28 20:46:12.612341 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lambda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphgAAAAY"]
[Mon Jul 28 20:46:12.612557 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphgAAAAY"]
[Mon Jul 28 20:46:12.612747 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphgAAAAY"]
[Mon Jul 28 20:46:12.634621 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /latest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/latest/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphwAAAAY"]
[Mon Jul 28 20:46:12.634828 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/latest/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphwAAAAY"]
[Mon Jul 28 20:46:12.634997 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/latest/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MphwAAAAY"]
[Mon Jul 28 20:46:12.656739 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /layout/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiAAAAAY"]
[Mon Jul 28 20:46:12.656927 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiAAAAAY"]
[Mon Jul 28 20:46:12.657098 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/layout/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiAAAAAY"]
[Mon Jul 28 20:46:12.679020 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lcomernbootcamp/projbackend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiQAAAAY"]
[Mon Jul 28 20:46:12.679253 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiQAAAAY"]
[Mon Jul 28 20:46:12.679430 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lcomernbootcamp/projbackend/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiQAAAAY"]
[Mon Jul 28 20:46:12.701278 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /leafer-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/leafer-app/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpigAAAAY"]
[Mon Jul 28 20:46:12.701482 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/leafer-app/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpigAAAAY"]
[Mon Jul 28 20:46:12.701658 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/leafer-app/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpigAAAAY"]
[Mon Jul 28 20:46:12.723544 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ledger_sync/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ledger_sync/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiwAAAAY"]
[Mon Jul 28 20:46:12.723786 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ledger_sync/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiwAAAAY"]
[Mon Jul 28 20:46:12.723978 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ledger_sync/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpiwAAAAY"]
[Mon Jul 28 20:46:12.804910 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /legal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjgAAAAY"]
[Mon Jul 28 20:46:12.805128 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjgAAAAY"]
[Mon Jul 28 20:46:12.805303 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/legal/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjgAAAAY"]
[Mon Jul 28 20:46:12.827395 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lemonldap-ng-doc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjwAAAAY"]
[Mon Jul 28 20:46:12.827631 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjwAAAAY"]
[Mon Jul 28 20:46:12.827817 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpjwAAAAY"]
[Mon Jul 28 20:46:12.849904 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lemonldap-ng-fr-doc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-fr-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkAAAAAY"]
[Mon Jul 28 20:46:12.850124 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-fr-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkAAAAAY"]
[Mon Jul 28 20:46:12.850298 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lemonldap-ng-fr-doc/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkAAAAAY"]
[Mon Jul 28 20:46:12.872281 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /letsencrypt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/letsencrypt/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkQAAAAY"]
[Mon Jul 28 20:46:12.872508 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/letsencrypt/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkQAAAAY"]
[Mon Jul 28 20:46:12.872677 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/letsencrypt/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkQAAAAY"]
[Mon Jul 28 20:46:12.894665 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkgAAAAY"]
[Mon Jul 28 20:46:12.894858 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkgAAAAY"]
[Mon Jul 28 20:46:12.895007 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MpkgAAAAY"]
[Mon Jul 28 20:46:12.940425 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /libraries/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/libraries/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplAAAAAY"]
[Mon Jul 28 20:46:12.940609 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/libraries/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplAAAAAY"]
[Mon Jul 28 20:46:12.940775 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/libraries/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplAAAAAY"]
[Mon Jul 28 20:46:12.971738 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Library/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplQAAAAY"]
[Mon Jul 28 20:46:12.971928 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Library/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplQAAAAY"]
[Mon Jul 28 20:46:12.972085 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Library/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplQAAAAY"]
[Mon Jul 28 20:46:12.993875 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /libs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplgAAAAY"]
[Mon Jul 28 20:46:12.994055 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplgAAAAY"]
[Mon Jul 28 20:46:12.994218 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/libs/.env"] [unique_id "aIfFdDL8UeZoGBgNh2MplgAAAAY"]
[Mon Jul 28 20:46:13.061444 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /linux/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/linux/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmQAAAAY"]
[Mon Jul 28 20:46:13.061633 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/linux/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmQAAAAY"]
[Mon Jul 28 20:46:13.061795 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/linux/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmQAAAAY"]
[Mon Jul 28 20:46:13.106290 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /localhost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/localhost/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmwAAAAY"]
[Mon Jul 28 20:46:13.106482 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/localhost/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmwAAAAY"]
[Mon Jul 28 20:46:13.106654 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/localhost/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpmwAAAAY"]
[Mon Jul 28 20:46:13.129394 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /locally/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/locally/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpnAAAAAY"]
[Mon Jul 28 20:46:13.129574 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/locally/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpnAAAAAY"]
[Mon Jul 28 20:46:13.129731 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/locally/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpnAAAAAY"]
[Mon Jul 28 20:46:13.174189 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /log/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/log/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpngAAAAY"]
[Mon Jul 28 20:46:13.174533 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/log/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpngAAAAY"]
[Mon Jul 28 20:46:13.174719 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/log/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpngAAAAY"]
[Mon Jul 28 20:46:13.196449 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/log/development.log"] [unique_id "aIfFdTL8UeZoGBgNh2MpnwAAAAY"]
[Mon Jul 28 20:46:13.196745 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/log/development.log"] [unique_id "aIfFdTL8UeZoGBgNh2MpnwAAAAY"]
[Mon Jul 28 20:46:13.196910 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/log/development.log"] [unique_id "aIfFdTL8UeZoGBgNh2MpnwAAAAY"]
[Mon Jul 28 20:46:13.218802 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/logging/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpoAAAAAY"]
[Mon Jul 28 20:46:13.219013 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logging/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpoAAAAAY"]
[Mon Jul 28 20:46:13.219186 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logging/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpoAAAAAY"]
[Mon Jul 28 20:46:13.264310 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpogAAAAY"]
[Mon Jul 28 20:46:13.264524 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpogAAAAY"]
[Mon Jul 28 20:46:13.264704 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/login/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpogAAAAY"]
[Mon Jul 28 20:46:13.309307 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MppAAAAAY"]
[Mon Jul 28 20:46:13.309504 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MppAAAAAY"]
[Mon Jul 28 20:46:13.309671 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MppAAAAAY"]
[Mon Jul 28 20:46:13.331299 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/access.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppQAAAAY"]
[Mon Jul 28 20:46:13.331594 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/access.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppQAAAAY"]
[Mon Jul 28 20:46:13.331768 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/access.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppQAAAAY"]
[Mon Jul 28 20:46:13.353506 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppgAAAAY"]
[Mon Jul 28 20:46:13.353796 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppgAAAAY"]
[Mon Jul 28 20:46:13.353959 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppgAAAAY"]
[Mon Jul 28 20:46:13.375750 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppwAAAAY"]
[Mon Jul 28 20:46:13.376081 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppwAAAAY"]
[Mon Jul 28 20:46:13.376269 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aIfFdTL8UeZoGBgNh2MppwAAAAY"]
[Mon Jul 28 20:46:13.398183 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/magento/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqAAAAAY"]
[Mon Jul 28 20:46:13.398407 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/magento/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqAAAAAY"]
[Mon Jul 28 20:46:13.398582 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/magento/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqAAAAAY"]
[Mon Jul 28 20:46:13.420584 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailinabox/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailinabox/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqQAAAAY"]
[Mon Jul 28 20:46:13.420783 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailinabox/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqQAAAAY"]
[Mon Jul 28 20:46:13.420948 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailinabox/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqQAAAAY"]
[Mon Jul 28 20:46:13.442857 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailman/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailman/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqgAAAAY"]
[Mon Jul 28 20:46:13.443055 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailman/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqgAAAAY"]
[Mon Jul 28 20:46:13.443232 2025] [:error] [pid 1534266] [client 185.177.72.201:36190] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailman/.env"] [unique_id "aIfFdTL8UeZoGBgNh2MpqgAAAAY"]
[Mon Jul 28 20:46:14.081581 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main_user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aIfFdl4f-9g1kJksHwueKQAAAAk"]
[Mon Jul 28 20:46:14.081805 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aIfFdl4f-9g1kJksHwueKQAAAAk"]
[Mon Jul 28 20:46:14.081948 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main_user/.env"] [unique_id "aIfFdl4f-9g1kJksHwueKQAAAAk"]
[Mon Jul 28 20:46:14.150213 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /manual/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/manual/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLAAAAAk"]
[Mon Jul 28 20:46:14.150464 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/manual/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLAAAAAk"]
[Mon Jul 28 20:46:14.150606 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/manual/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLAAAAAk"]
[Mon Jul 28 20:46:14.189307 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /master/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/master/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLQAAAAk"]
[Mon Jul 28 20:46:14.189520 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/master/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLQAAAAk"]
[Mon Jul 28 20:46:14.189697 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/master/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLQAAAAk"]
[Mon Jul 28 20:46:14.211958 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLgAAAAk"]
[Mon Jul 28 20:46:14.212160 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLgAAAAk"]
[Mon Jul 28 20:46:14.212315 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/media/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLgAAAAk"]
[Mon Jul 28 20:46:14.234485 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /memcached/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/memcached/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLwAAAAk"]
[Mon Jul 28 20:46:14.234704 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/memcached/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLwAAAAk"]
[Mon Jul 28 20:46:14.234855 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/memcached/.env"] [unique_id "aIfFdl4f-9g1kJksHwueLwAAAAk"]
[Mon Jul 28 20:46:14.257123 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mentorg-lava-docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mentorg-lava-docker/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMAAAAAk"]
[Mon Jul 28 20:46:14.257316 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mentorg-lava-docker/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMAAAAAk"]
[Mon Jul 28 20:46:14.257464 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mentorg-lava-docker/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMAAAAAk"]
[Mon Jul 28 20:46:14.279494 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /micro-app-react-communication/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react-communication/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMQAAAAk"]
[Mon Jul 28 20:46:14.279694 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react-communication/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMQAAAAk"]
[Mon Jul 28 20:46:14.279857 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react-communication/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMQAAAAk"]
[Mon Jul 28 20:46:14.302085 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /micro-app-react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMgAAAAk"]
[Mon Jul 28 20:46:14.302284 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMgAAAAk"]
[Mon Jul 28 20:46:14.302481 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/micro-app-react/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMgAAAAk"]
[Mon Jul 28 20:46:14.324604 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mindsweeper/gui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mindsweeper/gui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMwAAAAk"]
[Mon Jul 28 20:46:14.324800 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mindsweeper/gui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMwAAAAk"]
[Mon Jul 28 20:46:14.324971 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mindsweeper/gui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueMwAAAAk"]
[Mon Jul 28 20:46:14.347057 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /minified/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/minified/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNAAAAAk"]
[Mon Jul 28 20:46:14.347236 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/minified/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNAAAAAk"]
[Mon Jul 28 20:46:14.347384 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/minified/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNAAAAAk"]
[Mon Jul 28 20:46:14.369522 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /misc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/misc/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNQAAAAk"]
[Mon Jul 28 20:46:14.369705 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/misc/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNQAAAAk"]
[Mon Jul 28 20:46:14.369875 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/misc/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNQAAAAk"]
[Mon Jul 28 20:46:14.392031 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modix/clientapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Modix/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNgAAAAk"]
[Mon Jul 28 20:46:14.392222 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Modix/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNgAAAAk"]
[Mon Jul 28 20:46:14.392385 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Modix/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNgAAAAk"]
[Mon Jul 28 20:46:14.414734 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monerod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/monerod/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNwAAAAk"]
[Mon Jul 28 20:46:14.414966 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/monerod/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNwAAAAk"]
[Mon Jul 28 20:46:14.415145 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/monerod/.env"] [unique_id "aIfFdl4f-9g1kJksHwueNwAAAAk"]
[Mon Jul 28 20:46:14.437601 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/config/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOAAAAAk"]
[Mon Jul 28 20:46:14.437838 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOAAAAAk"]
[Mon Jul 28 20:46:14.438032 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mongodb/config/dev/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOAAAAAk"]
[Mon Jul 28 20:46:14.460435 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monitoring/compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/monitoring/compose/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOQAAAAk"]
[Mon Jul 28 20:46:14.460666 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/monitoring/compose/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOQAAAAk"]
[Mon Jul 28 20:46:14.460861 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/monitoring/compose/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOQAAAAk"]
[Mon Jul 28 20:46:14.483294 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /moodledata/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/moodledata/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOgAAAAk"]
[Mon Jul 28 20:46:14.483537 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/moodledata/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOgAAAAk"]
[Mon Jul 28 20:46:14.483733 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/moodledata/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOgAAAAk"]
[Mon Jul 28 20:46:14.506044 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /msks/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/msks/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOwAAAAk"]
[Mon Jul 28 20:46:14.506248 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/msks/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOwAAAAk"]
[Mon Jul 28 20:46:14.506429 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/msks/.env"] [unique_id "aIfFdl4f-9g1kJksHwueOwAAAAk"]
[Mon Jul 28 20:46:14.528748 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /munki_repo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/munki_repo/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePAAAAAk"]
[Mon Jul 28 20:46:14.529031 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/munki_repo/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePAAAAAk"]
[Mon Jul 28 20:46:14.529218 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/munki_repo/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePAAAAAk"]
[Mon Jul 28 20:46:14.551319 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /music/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/music/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePQAAAAk"]
[Mon Jul 28 20:46:14.551516 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/music/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePQAAAAk"]
[Mon Jul 28 20:46:14.551686 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/music/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePQAAAAk"]
[Mon Jul 28 20:46:14.573907 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myrentals.web/clientapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/MyRentals.Web/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePgAAAAk"]
[Mon Jul 28 20:46:14.574113 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/MyRentals.Web/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePgAAAAk"]
[Mon Jul 28 20:46:14.574277 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/MyRentals.Web/ClientApp/.env"] [unique_id "aIfFdl4f-9g1kJksHwuePgAAAAk"]
[Mon Jul 28 20:46:14.619378 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /name/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/name/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQAAAAAk"]
[Mon Jul 28 20:46:14.619567 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/name/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQAAAAAk"]
[Mon Jul 28 20:46:14.619720 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/name/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQAAAAAk"]
[Mon Jul 28 20:46:14.642154 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nest/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQQAAAAk"]
[Mon Jul 28 20:46:14.642384 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nest/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQQAAAAk"]
[Mon Jul 28 20:46:14.642551 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nest/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQQAAAAk"]
[Mon Jul 28 20:46:14.688033 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new-js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new-js/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQwAAAAk"]
[Mon Jul 28 20:46:14.688245 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new-js/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQwAAAAk"]
[Mon Jul 28 20:46:14.688426 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new-js/.env"] [unique_id "aIfFdl4f-9g1kJksHwueQwAAAAk"]
[Mon Jul 28 20:46:14.734270 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /news-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/news-app/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRQAAAAk"]
[Mon Jul 28 20:46:14.734523 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/news-app/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRQAAAAk"]
[Mon Jul 28 20:46:14.734696 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/news-app/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRQAAAAk"]
[Mon Jul 28 20:46:14.757100 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/next/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRgAAAAk"]
[Mon Jul 28 20:46:14.757334 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/next/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRgAAAAk"]
[Mon Jul 28 20:46:14.757509 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/next/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRgAAAAk"]
[Mon Jul 28 20:46:14.797188 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx-server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx-server/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRwAAAAk"]
[Mon Jul 28 20:46:14.797436 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx-server/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRwAAAAk"]
[Mon Jul 28 20:46:14.797647 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx-server/.env"] [unique_id "aIfFdl4f-9g1kJksHwueRwAAAAk"]
[Mon Jul 28 20:46:14.820124 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /niffler-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/niffler-frontend/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSAAAAAk"]
[Mon Jul 28 20:46:14.820362 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/niffler-frontend/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSAAAAAk"]
[Mon Jul 28 20:46:14.820535 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/niffler-frontend/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSAAAAAk"]
[Mon Jul 28 20:46:14.842926 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSQAAAAk"]
[Mon Jul 28 20:46:14.843183 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSQAAAAk"]
[Mon Jul 28 20:46:14.843377 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSQAAAAk"]
[Mon Jul 28 20:46:14.865620 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodejs-projects/play-ground/login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/login/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSgAAAAk"]
[Mon Jul 28 20:46:14.865831 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/login/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSgAAAAk"]
[Mon Jul 28 20:46:14.865982 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/login/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSgAAAAk"]
[Mon Jul 28 20:46:14.891285 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodejs-projects/play-ground/manageuserroles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/ManageUserRoles/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSwAAAAk"]
[Mon Jul 28 20:46:14.891506 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/ManageUserRoles/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSwAAAAk"]
[Mon Jul 28 20:46:14.891697 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Nodejs-Projects/play-ground/ManageUserRoles/.env"] [unique_id "aIfFdl4f-9g1kJksHwueSwAAAAk"]
[Mon Jul 28 20:46:14.914006 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /novnc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/noVNC/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTAAAAAk"]
[Mon Jul 28 20:46:14.914231 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/noVNC/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTAAAAAk"]
[Mon Jul 28 20:46:14.914419 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/noVNC/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTAAAAAk"]
[Mon Jul 28 20:46:14.959796 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuke.app.ui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Nuke.App.Ui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTgAAAAk"]
[Mon Jul 28 20:46:14.959989 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Nuke.App.Ui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTgAAAAk"]
[Mon Jul 28 20:46:14.960127 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Nuke.App.Ui/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTgAAAAk"]
[Mon Jul 28 20:46:14.982264 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nuxt/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTwAAAAk"]
[Mon Jul 28 20:46:14.982457 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nuxt/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTwAAAAk"]
[Mon Jul 28 20:46:14.982601 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nuxt/.env"] [unique_id "aIfFdl4f-9g1kJksHwueTwAAAAk"]
[Mon Jul 28 20:46:15.097084 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aIfFd14f-9g1kJksHwueVAAAAAk"]
[Mon Jul 28 20:46:15.097273 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aIfFd14f-9g1kJksHwueVAAAAAk"]
[Mon Jul 28 20:46:15.097435 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aIfFd14f-9g1kJksHwueVAAAAAk"]
[Mon Jul 28 20:46:15.165680 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /oldsanta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aIfFd14f-9g1kJksHwueVwAAAAk"]
[Mon Jul 28 20:46:15.165874 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aIfFd14f-9g1kJksHwueVwAAAAk"]
[Mon Jul 28 20:46:15.166034 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/oldsanta/.env"] [unique_id "aIfFd14f-9g1kJksHwueVwAAAAk"]
[Mon Jul 28 20:46:15.188150 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opencart/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/opencart/.env"] [unique_id "aIfFd14f-9g1kJksHwueWAAAAAk"]
[Mon Jul 28 20:46:15.188434 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/opencart/.env"] [unique_id "aIfFd14f-9g1kJksHwueWAAAAAk"]
[Mon Jul 28 20:46:15.188599 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/opencart/.env"] [unique_id "aIfFd14f-9g1kJksHwueWAAAAAk"]
[Mon Jul 28 20:46:15.213193 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ops/vagrant/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ops/vagrant/.env"] [unique_id "aIfFd14f-9g1kJksHwueWQAAAAk"]
[Mon Jul 28 20:46:15.213394 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ops/vagrant/.env"] [unique_id "aIfFd14f-9g1kJksHwueWQAAAAk"]
[Mon Jul 28 20:46:15.213545 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ops/vagrant/.env"] [unique_id "aIfFd14f-9g1kJksHwueWQAAAAk"]
[Mon Jul 28 20:46:15.235684 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /option/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/option/.env"] [unique_id "aIfFd14f-9g1kJksHwueWgAAAAk"]
[Mon Jul 28 20:46:15.235863 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/option/.env"] [unique_id "aIfFd14f-9g1kJksHwueWgAAAAk"]
[Mon Jul 28 20:46:15.236017 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/option/.env"] [unique_id "aIfFd14f-9g1kJksHwueWgAAAAk"]
[Mon Jul 28 20:46:15.258165 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /orientdb-client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/orientdb-client/.env"] [unique_id "aIfFd14f-9g1kJksHwueWwAAAAk"]
[Mon Jul 28 20:46:15.258369 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/orientdb-client/.env"] [unique_id "aIfFd14f-9g1kJksHwueWwAAAAk"]
[Mon Jul 28 20:46:15.258519 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/orientdb-client/.env"] [unique_id "aIfFd14f-9g1kJksHwueWwAAAAk"]
[Mon Jul 28 20:46:15.280738 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /outputs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/outputs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXAAAAAk"]
[Mon Jul 28 20:46:15.280925 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/outputs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXAAAAAk"]
[Mon Jul 28 20:46:15.281083 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/outputs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXAAAAAk"]
[Mon Jul 28 20:46:15.303248 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /owncloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/owncloud/.env"] [unique_id "aIfFd14f-9g1kJksHwueXQAAAAk"]
[Mon Jul 28 20:46:15.303470 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/owncloud/.env"] [unique_id "aIfFd14f-9g1kJksHwueXQAAAAk"]
[Mon Jul 28 20:46:15.303638 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/owncloud/.env"] [unique_id "aIfFd14f-9g1kJksHwueXQAAAAk"]
[Mon Jul 28 20:46:15.348855 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/styled-ui-docs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/styled-ui-docs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXwAAAAk"]
[Mon Jul 28 20:46:15.349049 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/styled-ui-docs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXwAAAAk"]
[Mon Jul 28 20:46:15.349200 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/styled-ui-docs/.env"] [unique_id "aIfFd14f-9g1kJksHwueXwAAAAk"]
[Mon Jul 28 20:46:15.371661 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/web/.env"] [unique_id "aIfFd14f-9g1kJksHwueYAAAAAk"]
[Mon Jul 28 20:46:15.371990 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/web/.env"] [unique_id "aIfFd14f-9g1kJksHwueYAAAAAk"]
[Mon Jul 28 20:46:15.372197 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/packages/web/.env"] [unique_id "aIfFd14f-9g1kJksHwueYAAAAAk"]
[Mon Jul 28 20:46:15.394302 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packed/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/packed/.env"] [unique_id "aIfFd14f-9g1kJksHwueYQAAAAk"]
[Mon Jul 28 20:46:15.394528 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/packed/.env"] [unique_id "aIfFd14f-9g1kJksHwueYQAAAAk"]
[Mon Jul 28 20:46:15.394692 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/packed/.env"] [unique_id "aIfFd14f-9g1kJksHwueYQAAAAk"]
[Mon Jul 28 20:46:15.417741 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /page-editor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/page-editor/.env"] [unique_id "aIfFd14f-9g1kJksHwueYgAAAAk"]
[Mon Jul 28 20:46:15.417928 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/page-editor/.env"] [unique_id "aIfFd14f-9g1kJksHwueYgAAAAk"]
[Mon Jul 28 20:46:15.418092 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/page-editor/.env"] [unique_id "aIfFd14f-9g1kJksHwueYgAAAAk"]
[Mon Jul 28 20:46:15.440234 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.env"] [unique_id "aIfFd14f-9g1kJksHwueYwAAAAk"]
[Mon Jul 28 20:46:15.440420 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.env"] [unique_id "aIfFd14f-9g1kJksHwueYwAAAAk"]
[Mon Jul 28 20:46:15.440569 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/panel/.env"] [unique_id "aIfFd14f-9g1kJksHwueYwAAAAk"]
[Mon Jul 28 20:46:15.462682 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /parity/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/parity/.env"] [unique_id "aIfFd14f-9g1kJksHwueZAAAAAk"]
[Mon Jul 28 20:46:15.462859 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/parity/.env"] [unique_id "aIfFd14f-9g1kJksHwueZAAAAAk"]
[Mon Jul 28 20:46:15.463023 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/parity/.env"] [unique_id "aIfFd14f-9g1kJksHwueZAAAAAk"]
[Mon Jul 28 20:46:15.487183 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /passportjs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Passportjs/.env"] [unique_id "aIfFd14f-9g1kJksHwueZQAAAAk"]
[Mon Jul 28 20:46:15.487368 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Passportjs/.env"] [unique_id "aIfFd14f-9g1kJksHwueZQAAAAk"]
[Mon Jul 28 20:46:15.487539 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Passportjs/.env"] [unique_id "aIfFd14f-9g1kJksHwueZQAAAAk"]
[Mon Jul 28 20:46:15.509663 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /patchwork/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/patchwork/.env"] [unique_id "aIfFd14f-9g1kJksHwueZgAAAAk"]
[Mon Jul 28 20:46:15.509881 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/patchwork/.env"] [unique_id "aIfFd14f-9g1kJksHwueZgAAAAk"]
[Mon Jul 28 20:46:15.510048 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/patchwork/.env"] [unique_id "aIfFd14f-9g1kJksHwueZgAAAAk"]
[Mon Jul 28 20:46:15.533242 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aIfFd14f-9g1kJksHwueZwAAAAk"]
[Mon Jul 28 20:46:15.533471 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aIfFd14f-9g1kJksHwueZwAAAAk"]
[Mon Jul 28 20:46:15.533635 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/path/.env"] [unique_id "aIfFd14f-9g1kJksHwueZwAAAAk"]
[Mon Jul 28 20:46:15.555651 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pfbe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pfbe/.env"] [unique_id "aIfFd14f-9g1kJksHwueaAAAAAk"]
[Mon Jul 28 20:46:15.555849 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pfbe/.env"] [unique_id "aIfFd14f-9g1kJksHwueaAAAAAk"]
[Mon Jul 28 20:46:15.555999 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pfbe/.env"] [unique_id "aIfFd14f-9g1kJksHwueaAAAAAk"]
[Mon Jul 28 20:46:15.578764 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aIfFd14f-9g1kJksHwueaQAAAAk"]
[Mon Jul 28 20:46:15.579043 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aIfFd14f-9g1kJksHwueaQAAAAk"]
[Mon Jul 28 20:46:15.579195 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php.ini"] [unique_id "aIfFd14f-9g1kJksHwueaQAAAAk"]
[Mon Jul 28 20:46:16.261308 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pictures/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehQAAAAk"]
[Mon Jul 28 20:46:16.261507 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehQAAAAk"]
[Mon Jul 28 20:46:16.261674 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pictures/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehQAAAAk"]
[Mon Jul 28 20:46:16.284850 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehgAAAAk"]
[Mon Jul 28 20:46:16.285043 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehgAAAAk"]
[Mon Jul 28 20:46:16.285199 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehgAAAAk"]
[Mon Jul 28 20:46:16.307480 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /playground/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/playground/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehwAAAAk"]
[Mon Jul 28 20:46:16.307690 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/playground/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehwAAAAk"]
[Mon Jul 28 20:46:16.307856 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/playground/.env"] [unique_id "aIfFeF4f-9g1kJksHwuehwAAAAk"]
[Mon Jul 28 20:46:16.330196 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugin_static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugin_static/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiAAAAAk"]
[Mon Jul 28 20:46:16.330436 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugin_static/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiAAAAAk"]
[Mon Jul 28 20:46:16.330622 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugin_static/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiAAAAAk"]
[Mon Jul 28 20:46:16.353801 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiQAAAAk"]
[Mon Jul 28 20:46:16.354008 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiQAAAAk"]
[Mon Jul 28 20:46:16.354169 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiQAAAAk"]
[Mon Jul 28 20:46:16.376389 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /post-deployment/.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/post-deployment/.vscode/.env"] [unique_id "aIfFeF4f-9g1kJksHwueigAAAAk"]
[Mon Jul 28 20:46:16.376592 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/post-deployment/.vscode/.env"] [unique_id "aIfFeF4f-9g1kJksHwueigAAAAk"]
[Mon Jul 28 20:46:16.376755 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/post-deployment/.vscode/.env"] [unique_id "aIfFeF4f-9g1kJksHwueigAAAAk"]
[Mon Jul 28 20:46:16.398916 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postfixadmin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/postfixadmin/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiwAAAAk"]
[Mon Jul 28 20:46:16.399112 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/postfixadmin/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiwAAAAk"]
[Mon Jul 28 20:46:16.399273 2025] [:error] [pid 1534267] [client 185.177.72.201:36204] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/postfixadmin/.env"] [unique_id "aIfFeF4f-9g1kJksHwueiwAAAAk"]
[Mon Jul 28 20:46:16.510456 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview-env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/preview-env/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNAAAAAQ"]
[Mon Jul 28 20:46:16.510692 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/preview-env/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNAAAAAQ"]
[Mon Jul 28 20:46:16.510860 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/preview-env/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNAAAAAQ"]
[Mon Jul 28 20:46:16.533203 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/preview/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNQAAAAQ"]
[Mon Jul 28 20:46:16.533454 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/preview/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNQAAAAQ"]
[Mon Jul 28 20:46:16.533644 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/preview/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNQAAAAQ"]
[Mon Jul 28 20:46:16.555924 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /price_hawk_client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/price_hawk_client/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNgAAAAQ"]
[Mon Jul 28 20:46:16.556126 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/price_hawk_client/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNgAAAAQ"]
[Mon Jul 28 20:46:16.556285 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/price_hawk_client/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNgAAAAQ"]
[Mon Jul 28 20:46:16.578515 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prisma/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNwAAAAQ"]
[Mon Jul 28 20:46:16.578706 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNwAAAAQ"]
[Mon Jul 28 20:46:16.578869 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prisma/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNNwAAAAQ"]
[Mon Jul 28 20:46:16.600925 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aIfFeOXeAg5fi4n6U5fNOAAAAAQ"]
[Mon Jul 28 20:46:16.601198 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aIfFeOXeAg5fi4n6U5fNOAAAAAQ"]
[Mon Jul 28 20:46:16.601354 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aIfFeOXeAg5fi4n6U5fNOAAAAAQ"]
[Mon Jul 28 20:46:16.623518 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /processor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/processor/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOQAAAAQ"]
[Mon Jul 28 20:46:16.623717 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/processor/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOQAAAAQ"]
[Mon Jul 28 20:46:16.623896 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/processor/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOQAAAAQ"]
[Mon Jul 28 20:46:16.669672 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOwAAAAQ"]
[Mon Jul 28 20:46:16.669863 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOwAAAAQ"]
[Mon Jul 28 20:46:16.670030 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNOwAAAAQ"]
[Mon Jul 28 20:46:16.692263 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aIfFeOXeAg5fi4n6U5fNPAAAAAQ"]
[Mon Jul 28 20:46:16.692455 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aIfFeOXeAg5fi4n6U5fNPAAAAAQ"]
[Mon Jul 28 20:46:16.692618 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/product/.env.staging"] [unique_id "aIfFeOXeAg5fi4n6U5fNPAAAAAQ"]
[Mon Jul 28 20:46:16.715009 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /projbackend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/projbackend/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPQAAAAQ"]
[Mon Jul 28 20:46:16.715225 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/projbackend/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPQAAAAQ"]
[Mon Jul 28 20:46:16.715403 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/projbackend/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPQAAAAQ"]
[Mon Jul 28 20:46:16.754628 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPgAAAAQ"]
[Mon Jul 28 20:46:16.754854 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPgAAAAQ"]
[Mon Jul 28 20:46:16.755045 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/project/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPgAAAAQ"]
[Mon Jul 28 20:46:16.777366 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project_root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/project_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPwAAAAQ"]
[Mon Jul 28 20:46:16.777591 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/project_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPwAAAAQ"]
[Mon Jul 28 20:46:16.777761 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/project_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNPwAAAAQ"]
[Mon Jul 28 20:46:16.800152 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQAAAAAQ"]
[Mon Jul 28 20:46:16.800362 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQAAAAAQ"]
[Mon Jul 28 20:46:16.800526 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/protected/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQAAAAAQ"]
[Mon Jul 28 20:46:16.822714 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQQAAAAQ"]
[Mon Jul 28 20:46:16.822914 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQQAAAAQ"]
[Mon Jul 28 20:46:16.823071 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQQAAAAQ"]
[Mon Jul 28 20:46:16.845164 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pt2/countries/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pt2/countries/src/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQgAAAAQ"]
[Mon Jul 28 20:46:16.845375 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pt2/countries/src/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQgAAAAQ"]
[Mon Jul 28 20:46:16.845531 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pt2/countries/src/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQgAAAAQ"]
[Mon Jul 28 20:46:16.867715 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pt8/library-backend-gql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pt8/library-backend-gql/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQwAAAAQ"]
[Mon Jul 28 20:46:16.867913 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pt8/library-backend-gql/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQwAAAAQ"]
[Mon Jul 28 20:46:16.868067 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pt8/library-backend-gql/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNQwAAAAQ"]
[Mon Jul 28 20:46:16.890229 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /pub/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/pub/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRAAAAAQ"]
[Mon Jul 28 20:46:16.890444 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pub/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRAAAAAQ"]
[Mon Jul 28 20:46:16.890603 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pub/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRAAAAAQ"]
[Mon Jul 28 20:46:16.936014 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRgAAAAQ"]
[Mon Jul 28 20:46:16.936232 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRgAAAAQ"]
[Mon Jul 28 20:46:16.936409 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public_html/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRgAAAAQ"]
[Mon Jul 28 20:46:16.958587 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRwAAAAQ"]
[Mon Jul 28 20:46:16.958799 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRwAAAAQ"]
[Mon Jul 28 20:46:16.958992 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public_root/.env"] [unique_id "aIfFeOXeAg5fi4n6U5fNRwAAAAQ"]
[Mon Jul 28 20:46:17.028583 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /question2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/question2/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSgAAAAQ"]
[Mon Jul 28 20:46:17.028817 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/question2/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSgAAAAQ"]
[Mon Jul 28 20:46:17.028982 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/question2/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSgAAAAQ"]
[Mon Jul 28 20:46:17.051463 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qv-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/qv-frontend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSwAAAAQ"]
[Mon Jul 28 20:46:17.051699 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/qv-frontend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSwAAAAQ"]
[Mon Jul 28 20:46:17.051889 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/qv-frontend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNSwAAAAQ"]
[Mon Jul 28 20:46:17.074282 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq-cluster/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rabbitmq-cluster/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTAAAAAQ"]
[Mon Jul 28 20:46:17.074561 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rabbitmq-cluster/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTAAAAAQ"]
[Mon Jul 28 20:46:17.074777 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rabbitmq-cluster/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTAAAAAQ"]
[Mon Jul 28 20:46:17.097154 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails-api/react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rails-api/react-app/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTQAAAAQ"]
[Mon Jul 28 20:46:17.097382 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rails-api/react-app/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTQAAAAQ"]
[Mon Jul 28 20:46:17.097559 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rails-api/react-app/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTQAAAAQ"]
[Mon Jul 28 20:46:17.119922 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rails/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTgAAAAQ"]
[Mon Jul 28 20:46:17.120153 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rails/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTgAAAAQ"]
[Mon Jul 28 20:46:17.120349 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rails/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTgAAAAQ"]
[Mon Jul 28 20:46:17.143117 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rasax/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rasax/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTwAAAAQ"]
[Mon Jul 28 20:46:17.143386 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rasax/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTwAAAAQ"]
[Mon Jul 28 20:46:17.143576 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rasax/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNTwAAAAQ"]
[Mon Jul 28 20:46:17.166068 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUAAAAAQ"]
[Mon Jul 28 20:46:17.166319 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUAAAAAQ"]
[Mon Jul 28 20:46:17.166564 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUAAAAAQ"]
[Mon Jul 28 20:46:17.189034 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react_todo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react_todo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUQAAAAQ"]
[Mon Jul 28 20:46:17.189265 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react_todo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUQAAAAQ"]
[Mon Jul 28 20:46:17.189435 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react_todo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUQAAAAQ"]
[Mon Jul 28 20:46:17.211972 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redmine/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/redmine/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUgAAAAQ"]
[Mon Jul 28 20:46:17.212204 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/redmine/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUgAAAAQ"]
[Mon Jul 28 20:46:17.212379 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/redmine/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUgAAAAQ"]
[Mon Jul 28 20:46:17.234518 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /repo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUwAAAAQ"]
[Mon Jul 28 20:46:17.234730 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUwAAAAQ"]
[Mon Jul 28 20:46:17.234896 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repo/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNUwAAAAQ"]
[Mon Jul 28 20:46:17.257612 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /repos/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVAAAAAQ"]
[Mon Jul 28 20:46:17.257809 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVAAAAAQ"]
[Mon Jul 28 20:46:17.257958 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repos/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVAAAAAQ"]
[Mon Jul 28 20:46:17.280220 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /repository/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVQAAAAQ"]
[Mon Jul 28 20:46:17.280418 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVQAAAAQ"]
[Mon Jul 28 20:46:17.280579 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/repository/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVQAAAAQ"]
[Mon Jul 28 20:46:17.302870 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVgAAAAQ"]
[Mon Jul 28 20:46:17.303086 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVgAAAAQ"]
[Mon Jul 28 20:46:17.303256 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVgAAAAQ"]
[Mon Jul 28 20:46:17.325446 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVwAAAAQ"]
[Mon Jul 28 20:46:17.325637 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVwAAAAQ"]
[Mon Jul 28 20:46:17.325795 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNVwAAAAQ"]
[Mon Jul 28 20:46:17.347975 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/mysql/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWAAAAAQ"]
[Mon Jul 28 20:46:17.348168 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/mysql/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWAAAAAQ"]
[Mon Jul 28 20:46:17.348326 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/mysql/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWAAAAAQ"]
[Mon Jul 28 20:46:17.370619 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/phpmyadmin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWQAAAAQ"]
[Mon Jul 28 20:46:17.370813 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWQAAAAQ"]
[Mon Jul 28 20:46:17.370977 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/phpmyadmin/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWQAAAAQ"]
[Mon Jul 28 20:46:17.393164 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rabbitmq/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWgAAAAQ"]
[Mon Jul 28 20:46:17.393372 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rabbitmq/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWgAAAAQ"]
[Mon Jul 28 20:46:17.393553 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rabbitmq/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWgAAAAQ"]
[Mon Jul 28 20:46:17.429252 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/docker/rediscommander/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rediscommander/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWwAAAAQ"]
[Mon Jul 28 20:46:17.429469 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rediscommander/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWwAAAAQ"]
[Mon Jul 28 20:46:17.429636 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/docker/rediscommander/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNWwAAAAQ"]
[Mon Jul 28 20:46:17.451656 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resourcesync/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resourcesync/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXAAAAAQ"]
[Mon Jul 28 20:46:17.451870 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resourcesync/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXAAAAAQ"]
[Mon Jul 28 20:46:17.452021 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resourcesync/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXAAAAAQ"]
[Mon Jul 28 20:46:17.497244 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXgAAAAQ"]
[Mon Jul 28 20:46:17.497425 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXgAAAAQ"]
[Mon Jul 28 20:46:17.497578 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rest/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXgAAAAQ"]
[Mon Jul 28 20:46:17.519814 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXwAAAAQ"]
[Mon Jul 28 20:46:17.520011 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXwAAAAQ"]
[Mon Jul 28 20:46:17.520174 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/restapi/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNXwAAAAQ"]
[Mon Jul 28 20:46:17.542499 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /results/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYAAAAAQ"]
[Mon Jul 28 20:46:17.542702 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYAAAAAQ"]
[Mon Jul 28 20:46:17.542860 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/results/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYAAAAAQ"]
[Mon Jul 28 20:46:17.587937 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /robots/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/robots/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYgAAAAQ"]
[Mon Jul 28 20:46:17.588124 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/robots/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYgAAAAQ"]
[Mon Jul 28 20:46:17.588341 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/robots/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNYgAAAAQ"]
[Mon Jul 28 20:46:17.633878 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZAAAAAQ"]
[Mon Jul 28 20:46:17.634092 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZAAAAAQ"]
[Mon Jul 28 20:46:17.634264 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZAAAAAQ"]
[Mon Jul 28 20:46:17.657511 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rosterback/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rosterBack/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZQAAAAQ"]
[Mon Jul 28 20:46:17.657719 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rosterBack/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZQAAAAQ"]
[Mon Jul 28 20:46:17.657876 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rosterBack/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZQAAAAQ"]
[Mon Jul 28 20:46:17.679926 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /roundcube/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcube/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZgAAAAQ"]
[Mon Jul 28 20:46:17.680121 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcube/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZgAAAAQ"]
[Mon Jul 28 20:46:17.680297 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcube/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZgAAAAQ"]
[Mon Jul 28 20:46:17.702424 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /roundcubemail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZwAAAAQ"]
[Mon Jul 28 20:46:17.702673 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZwAAAAQ"]
[Mon Jul 28 20:46:17.702829 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/roundcubemail/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNZwAAAAQ"]
[Mon Jul 28 20:46:17.725039 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /routes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/routes/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaAAAAAQ"]
[Mon Jul 28 20:46:17.725246 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/routes/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaAAAAAQ"]
[Mon Jul 28 20:46:17.725429 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/routes/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaAAAAAQ"]
[Mon Jul 28 20:46:17.747639 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /run/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaQAAAAQ"]
[Mon Jul 28 20:46:17.747822 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaQAAAAQ"]
[Mon Jul 28 20:46:17.747972 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/run/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNaQAAAAQ"]
[Mon Jul 28 20:46:17.770140 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust-backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNagAAAAQ"]
[Mon Jul 28 20:46:17.770327 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNagAAAAQ"]
[Mon Jul 28 20:46:17.770525 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNagAAAAQ"]
[Mon Jul 28 20:46:17.792714 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust-backend/dao/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/dao/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNawAAAAQ"]
[Mon Jul 28 20:46:17.792904 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/dao/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNawAAAAQ"]
[Mon Jul 28 20:46:17.793086 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/rust-backend/dao/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNawAAAAQ"]
[Mon Jul 28 20:46:17.815260 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s-with-me-front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s-with-me-front/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbAAAAAQ"]
[Mon Jul 28 20:46:17.815454 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s-with-me-front/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbAAAAAQ"]
[Mon Jul 28 20:46:17.815621 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s-with-me-front/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbAAAAAQ"]
[Mon Jul 28 20:46:17.861068 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbgAAAAQ"]
[Mon Jul 28 20:46:17.861262 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbgAAAAQ"]
[Mon Jul 28 20:46:17.861425 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbgAAAAQ"]
[Mon Jul 28 20:46:17.883636 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /samples/chatroom/chatroom-spa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/chatroom/chatroom-spa/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbwAAAAQ"]
[Mon Jul 28 20:46:17.883833 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/chatroom/chatroom-spa/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbwAAAAQ"]
[Mon Jul 28 20:46:17.884016 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/chatroom/chatroom-spa/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNbwAAAAQ"]
[Mon Jul 28 20:46:17.906228 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /samples/docker/deploymentscripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/docker/deploymentscripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcAAAAAQ"]
[Mon Jul 28 20:46:17.906456 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/docker/deploymentscripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcAAAAAQ"]
[Mon Jul 28 20:46:17.906629 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/samples/docker/deploymentscripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcAAAAAQ"]
[Mon Jul 28 20:46:17.951737 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /script/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/script/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcgAAAAQ"]
[Mon Jul 28 20:46:17.951938 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/script/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcgAAAAQ"]
[Mon Jul 28 20:46:17.952086 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/script/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcgAAAAQ"]
[Mon Jul 28 20:46:17.974381 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcwAAAAQ"]
[Mon Jul 28 20:46:17.974573 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcwAAAAQ"]
[Mon Jul 28 20:46:17.974721 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNcwAAAAQ"]
[Mon Jul 28 20:46:17.996868 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/fvt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/fvt/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNdAAAAAQ"]
[Mon Jul 28 20:46:17.997040 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/fvt/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNdAAAAAQ"]
[Mon Jul 28 20:46:17.997178 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/scripts/fvt/.env"] [unique_id "aIfFeeXeAg5fi4n6U5fNdAAAAAQ"]
[Mon Jul 28 20:46:18.080789 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secrets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNdwAAAAQ"]
[Mon Jul 28 20:46:18.080996 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNdwAAAAQ"]
[Mon Jul 28 20:46:18.081168 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/secrets/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNdwAAAAQ"]
[Mon Jul 28 20:46:18.103470 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selfish-darling-backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/selfish-darling-backend/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNeAAAAAQ"]
[Mon Jul 28 20:46:18.103700 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/selfish-darling-backend/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNeAAAAAQ"]
[Mon Jul 28 20:46:18.103901 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/selfish-darling-backend/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNeAAAAAQ"]
[Mon Jul 28 20:46:18.149383 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /serve-browserbench/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/serve-browserbench/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNegAAAAQ"]
[Mon Jul 28 20:46:18.149614 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/serve-browserbench/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNegAAAAQ"]
[Mon Jul 28 20:46:18.149806 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/serve-browserbench/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNegAAAAQ"]
[Mon Jul 28 20:46:18.172173 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /serve_time_server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Serve_time_server/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNewAAAAQ"]
[Mon Jul 28 20:46:18.172400 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Serve_time_server/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNewAAAAQ"]
[Mon Jul 28 20:46:18.172652 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Serve_time_server/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNewAAAAQ"]
[Mon Jul 28 20:46:18.194443 2025] [authz_core:error] [pid 1533990] [client 185.177.72.201:36212] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Jul 28 20:46:18.217008 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.log"] [unique_id "aIfFeuXeAg5fi4n6U5fNfQAAAAQ"]
[Mon Jul 28 20:46:18.217460 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.log"] [unique_id "aIfFeuXeAg5fi4n6U5fNfQAAAAQ"]
[Mon Jul 28 20:46:18.217657 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.log"] [unique_id "aIfFeuXeAg5fi4n6U5fNfQAAAAQ"]
[Mon Jul 28 20:46:18.239848 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/config/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfgAAAAQ"]
[Mon Jul 28 20:46:18.240068 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/config/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfgAAAAQ"]
[Mon Jul 28 20:46:18.240231 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/config/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfgAAAAQ"]
[Mon Jul 28 20:46:18.262425 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/laravel/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfwAAAAQ"]
[Mon Jul 28 20:46:18.262612 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/laravel/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfwAAAAQ"]
[Mon Jul 28 20:46:18.262755 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/laravel/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNfwAAAAQ"]
[Mon Jul 28 20:46:18.308139 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/src/persistence/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/src/persistence/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNgQAAAAQ"]
[Mon Jul 28 20:46:18.308322 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/src/persistence/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNgQAAAAQ"]
[Mon Jul 28 20:46:18.308477 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/src/persistence/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNgQAAAAQ"]
[Mon Jul 28 20:46:18.330581 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server_with_db/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Server_with_db/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNggAAAAQ"]
[Mon Jul 28 20:46:18.330781 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Server_with_db/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNggAAAAQ"]
[Mon Jul 28 20:46:18.330950 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Server_with_db/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNggAAAAQ"]
[Mon Jul 28 20:46:18.399040 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhQAAAAQ"]
[Mon Jul 28 20:46:18.399217 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhQAAAAQ"]
[Mon Jul 28 20:46:18.399370 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/service/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhQAAAAQ"]
[Mon Jul 28 20:46:18.421456 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhgAAAAQ"]
[Mon Jul 28 20:46:18.421659 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhgAAAAQ"]
[Mon Jul 28 20:46:18.421827 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhgAAAAQ"]
[Mon Jul 28 20:46:18.443985 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/adminer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/adminer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhwAAAAQ"]
[Mon Jul 28 20:46:18.444157 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/adminer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhwAAAAQ"]
[Mon Jul 28 20:46:18.444334 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/adminer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNhwAAAAQ"]
[Mon Jul 28 20:46:18.466536 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/deployment-agent/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/deployment-agent/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiAAAAAQ"]
[Mon Jul 28 20:46:18.466727 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/deployment-agent/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiAAAAAQ"]
[Mon Jul 28 20:46:18.466878 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/deployment-agent/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiAAAAAQ"]
[Mon Jul 28 20:46:18.488996 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/documents/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/documents/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiQAAAAQ"]
[Mon Jul 28 20:46:18.489167 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/documents/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiQAAAAQ"]
[Mon Jul 28 20:46:18.489324 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/documents/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiQAAAAQ"]
[Mon Jul 28 20:46:18.511504 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/graylog/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/graylog/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNigAAAAQ"]
[Mon Jul 28 20:46:18.511694 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/graylog/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNigAAAAQ"]
[Mon Jul 28 20:46:18.511858 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/graylog/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNigAAAAQ"]
[Mon Jul 28 20:46:18.534145 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/jaeger/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/jaeger/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiwAAAAQ"]
[Mon Jul 28 20:46:18.534330 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/jaeger/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiwAAAAQ"]
[Mon Jul 28 20:46:18.534540 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/jaeger/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNiwAAAAQ"]
[Mon Jul 28 20:46:18.556535 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/minio/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/minio/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjAAAAAQ"]
[Mon Jul 28 20:46:18.556711 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/minio/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjAAAAAQ"]
[Mon Jul 28 20:46:18.556884 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/minio/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjAAAAAQ"]
[Mon Jul 28 20:46:18.579046 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/monitoring/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/monitoring/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjQAAAAQ"]
[Mon Jul 28 20:46:18.579220 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/monitoring/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjQAAAAQ"]
[Mon Jul 28 20:46:18.579396 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/monitoring/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjQAAAAQ"]
[Mon Jul 28 20:46:18.601502 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/portainer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/portainer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjgAAAAQ"]
[Mon Jul 28 20:46:18.601670 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/portainer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjgAAAAQ"]
[Mon Jul 28 20:46:18.601856 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/portainer/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjgAAAAQ"]
[Mon Jul 28 20:46:18.624033 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/redis-commander/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/redis-commander/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjwAAAAQ"]
[Mon Jul 28 20:46:18.624225 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/redis-commander/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjwAAAAQ"]
[Mon Jul 28 20:46:18.624387 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/redis-commander/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNjwAAAAQ"]
[Mon Jul 28 20:46:18.646674 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/registry/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/registry/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkAAAAAQ"]
[Mon Jul 28 20:46:18.646855 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/registry/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkAAAAAQ"]
[Mon Jul 28 20:46:18.647015 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/registry/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkAAAAAQ"]
[Mon Jul 28 20:46:18.669322 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/simcore/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/simcore/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkQAAAAQ"]
[Mon Jul 28 20:46:18.669513 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/simcore/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkQAAAAQ"]
[Mon Jul 28 20:46:18.669675 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/simcore/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkQAAAAQ"]
[Mon Jul 28 20:46:18.691751 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/traefik/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkgAAAAQ"]
[Mon Jul 28 20:46:18.691938 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkgAAAAQ"]
[Mon Jul 28 20:46:18.692095 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/traefik/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkgAAAAQ"]
[Mon Jul 28 20:46:18.714463 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sessions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sessions/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkwAAAAQ"]
[Mon Jul 28 20:46:18.714693 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sessions/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkwAAAAQ"]
[Mon Jul 28 20:46:18.714868 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sessions/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNkwAAAAQ"]
[Mon Jul 28 20:46:18.775828 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlQAAAAQ"]
[Mon Jul 28 20:46:18.776077 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlQAAAAQ"]
[Mon Jul 28 20:46:18.776264 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shared/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlQAAAAQ"]
[Mon Jul 28 20:46:18.798575 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shibboleth/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shibboleth/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlgAAAAQ"]
[Mon Jul 28 20:46:18.798808 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shibboleth/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlgAAAAQ"]
[Mon Jul 28 20:46:18.798993 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shibboleth/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlgAAAAQ"]
[Mon Jul 28 20:46:18.821300 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlwAAAAQ"]
[Mon Jul 28 20:46:18.821509 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlwAAAAQ"]
[Mon Jul 28 20:46:18.821692 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shop/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNlwAAAAQ"]
[Mon Jul 28 20:46:18.843871 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopware/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/shopware/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNmAAAAAQ"]
[Mon Jul 28 20:46:18.844096 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/shopware/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNmAAAAAQ"]
[Mon Jul 28 20:46:18.844254 2025] [:error] [pid 1533990] [client 185.177.72.201:36212] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/shopware/.env"] [unique_id "aIfFeuXeAg5fi4n6U5fNmAAAAAQ"]
[Mon Jul 28 20:46:19.045306 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site-library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site-library/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcAAAAAg"]
[Mon Jul 28 20:46:19.045542 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site-library/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcAAAAAg"]
[Mon Jul 28 20:46:19.045722 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site-library/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcAAAAAg"]
[Mon Jul 28 20:46:19.074922 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcQAAAAg"]
[Mon Jul 28 20:46:19.075146 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcQAAAAg"]
[Mon Jul 28 20:46:19.075317 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcQAAAAg"]
[Mon Jul 28 20:46:19.104703 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sites/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcgAAAAg"]
[Mon Jul 28 20:46:19.104938 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcgAAAAg"]
[Mon Jul 28 20:46:19.105124 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcgAAAAg"]
[Mon Jul 28 20:46:19.134300 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitestatic/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sitestatic/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcwAAAAg"]
[Mon Jul 28 20:46:19.134617 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sitestatic/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcwAAAAg"]
[Mon Jul 28 20:46:19.134788 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sitestatic/.env"] [unique_id "aIfFewLZGLzAXRzMJrelcwAAAAg"]
[Mon Jul 28 20:46:19.163965 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /socketio/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Socketio/.env"] [unique_id "aIfFewLZGLzAXRzMJreldAAAAAg"]
[Mon Jul 28 20:46:19.164188 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Socketio/.env"] [unique_id "aIfFewLZGLzAXRzMJreldAAAAAg"]
[Mon Jul 28 20:46:19.164377 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Socketio/.env"] [unique_id "aIfFewLZGLzAXRzMJreldAAAAAg"]
[Mon Jul 28 20:46:19.193662 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /source/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.env"] [unique_id "aIfFewLZGLzAXRzMJreldQAAAAg"]
[Mon Jul 28 20:46:19.193890 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.env"] [unique_id "aIfFewLZGLzAXRzMJreldQAAAAg"]
[Mon Jul 28 20:46:19.194070 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/source/.env"] [unique_id "aIfFewLZGLzAXRzMJreldQAAAAg"]
[Mon Jul 28 20:46:19.223149 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/.env"] [unique_id "aIfFewLZGLzAXRzMJreldgAAAAg"]
[Mon Jul 28 20:46:19.223390 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/.env"] [unique_id "aIfFewLZGLzAXRzMJreldgAAAAg"]
[Mon Jul 28 20:46:19.223559 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/.env"] [unique_id "aIfFewLZGLzAXRzMJreldgAAAAg"]
[Mon Jul 28 20:46:19.252680 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sources/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Sources/API/.env"] [unique_id "aIfFewLZGLzAXRzMJreldwAAAAg"]
[Mon Jul 28 20:46:19.252888 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Sources/API/.env"] [unique_id "aIfFewLZGLzAXRzMJreldwAAAAg"]
[Mon Jul 28 20:46:19.253048 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Sources/API/.env"] [unique_id "aIfFewLZGLzAXRzMJreldwAAAAg"]
[Mon Jul 28 20:46:19.282659 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spearmint/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/spearmint/.env"] [unique_id "aIfFewLZGLzAXRzMJreleAAAAAg"]
[Mon Jul 28 20:46:19.282856 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/spearmint/.env"] [unique_id "aIfFewLZGLzAXRzMJreleAAAAAg"]
[Mon Jul 28 20:46:19.283009 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/spearmint/.env"] [unique_id "aIfFewLZGLzAXRzMJreleAAAAAg"]
[Mon Jul 28 20:46:19.312044 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spikes/config-material-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/spikes/config-material-app/.env"] [unique_id "aIfFewLZGLzAXRzMJreleQAAAAg"]
[Mon Jul 28 20:46:19.312239 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/spikes/config-material-app/.env"] [unique_id "aIfFewLZGLzAXRzMJreleQAAAAg"]
[Mon Jul 28 20:46:19.312386 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/spikes/config-material-app/.env"] [unique_id "aIfFewLZGLzAXRzMJreleQAAAAg"]
[Mon Jul 28 20:46:19.341463 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spotiapps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/SpotiApps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelegAAAAg"]
[Mon Jul 28 20:46:19.341657 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/SpotiApps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelegAAAAg"]
[Mon Jul 28 20:46:19.341813 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/SpotiApps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelegAAAAg"]
[Mon Jul 28 20:46:19.370957 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/__tests__/__fixtures__/instancewithdependentsteps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/instanceWithDependentSteps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelewAAAAg"]
[Mon Jul 28 20:46:19.371150 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/instanceWithDependentSteps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelewAAAAg"]
[Mon Jul 28 20:46:19.371328 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/instanceWithDependentSteps/.env"] [unique_id "aIfFewLZGLzAXRzMJrelewAAAAg"]
[Mon Jul 28 20:46:19.400416 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/__tests__/__fixtures__/typescriptintegrationproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptIntegrationProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfAAAAAg"]
[Mon Jul 28 20:46:19.400610 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptIntegrationProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfAAAAAg"]
[Mon Jul 28 20:46:19.400795 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptIntegrationProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfAAAAAg"]
[Mon Jul 28 20:46:19.430992 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/__tests__/__fixtures__/typescriptproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfQAAAAg"]
[Mon Jul 28 20:46:19.431224 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfQAAAAg"]
[Mon Jul 28 20:46:19.431392 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfQAAAAg"]
[Mon Jul 28 20:46:19.460689 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/__tests__/__fixtures__/typescriptvisualizeproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptVisualizeProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfgAAAAg"]
[Mon Jul 28 20:46:19.460909 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptVisualizeProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfgAAAAg"]
[Mon Jul 28 20:46:19.461102 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/__tests__/__fixtures__/typeScriptVisualizeProject/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfgAAAAg"]
[Mon Jul 28 20:46:19.490847 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/add-auth/express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/add-auth/express/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfwAAAAg"]
[Mon Jul 28 20:46:19.491075 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/add-auth/express/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfwAAAAg"]
[Mon Jul 28 20:46:19.491401 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/add-auth/express/.env"] [unique_id "aIfFewLZGLzAXRzMJrelfwAAAAg"]
[Mon Jul 28 20:46:19.520563 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/assembly/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/assembly/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgAAAAAg"]
[Mon Jul 28 20:46:19.520761 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/assembly/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgAAAAAg"]
[Mon Jul 28 20:46:19.520923 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/assembly/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgAAAAAg"]
[Mon Jul 28 20:46:19.550074 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/character-service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/character-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgQAAAAg"]
[Mon Jul 28 20:46:19.550271 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/character-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgQAAAAg"]
[Mon Jul 28 20:46:19.550457 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/character-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgQAAAAg"]
[Mon Jul 28 20:46:19.583537 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/client/mobile/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/client/mobile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelggAAAAg"]
[Mon Jul 28 20:46:19.583753 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/client/mobile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelggAAAAg"]
[Mon Jul 28 20:46:19.583929 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/client/mobile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelggAAAAg"]
[Mon Jul 28 20:46:19.612985 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/core/tests/dotenv-files/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/core/tests/dotenv-files/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgwAAAAg"]
[Mon Jul 28 20:46:19.613186 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/core/tests/dotenv-files/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgwAAAAg"]
[Mon Jul 28 20:46:19.613390 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/core/tests/dotenv-files/.env"] [unique_id "aIfFewLZGLzAXRzMJrelgwAAAAg"]
[Mon Jul 28 20:46:19.642698 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/gameprovider-service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/gameprovider-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhAAAAAg"]
[Mon Jul 28 20:46:19.642901 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/gameprovider-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhAAAAAg"]
[Mon Jul 28 20:46:19.643067 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/gameprovider-service/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhAAAAAg"]
[Mon Jul 28 20:46:19.672325 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/main/front-end/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/front-end/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhQAAAAg"]
[Mon Jul 28 20:46:19.672549 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/front-end/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhQAAAAg"]
[Mon Jul 28 20:46:19.672763 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/front-end/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhQAAAAg"]
[Mon Jul 28 20:46:19.702123 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/main/resources/archetype-resources/__rootartifactid__-acceptance-test/src/test/resources/app-launcher-tile/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/resources/archetype-resources/__rootArtifactId__-acceptance-test/src/test/resources/app-launcher-tile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhgAAAAg"]
[Mon Jul 28 20:46:19.702379 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/resources/archetype-resources/__rootArtifactId__-acceptance-test/src/test/resources/app-launcher-tile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhgAAAAg"]
[Mon Jul 28 20:46:19.702558 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/main/resources/archetype-resources/__rootArtifactId__-acceptance-test/src/test/resources/app-launcher-tile/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhgAAAAg"]
[Mon Jul 28 20:46:19.731935 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/renderer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/renderer/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhwAAAAg"]
[Mon Jul 28 20:46:19.732165 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/renderer/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhwAAAAg"]
[Mon Jul 28 20:46:19.732349 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/renderer/.env"] [unique_id "aIfFewLZGLzAXRzMJrelhwAAAAg"]
[Mon Jul 28 20:46:19.761726 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv6_controller/controller/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/controller/.env"] [unique_id "aIfFewLZGLzAXRzMJreliAAAAAg"]
[Mon Jul 28 20:46:19.761972 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/controller/.env"] [unique_id "aIfFewLZGLzAXRzMJreliAAAAAg"]
[Mon Jul 28 20:46:19.762152 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/controller/.env"] [unique_id "aIfFewLZGLzAXRzMJreliAAAAAg"]
[Mon Jul 28 20:46:19.791521 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv6_controller/examples/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/examples/.env"] [unique_id "aIfFewLZGLzAXRzMJreliQAAAAg"]
[Mon Jul 28 20:46:19.791758 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/examples/.env"] [unique_id "aIfFewLZGLzAXRzMJreliQAAAAg"]
[Mon Jul 28 20:46:19.791953 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/examples/.env"] [unique_id "aIfFewLZGLzAXRzMJreliQAAAAg"]
[Mon Jul 28 20:46:19.821249 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv6_controller/node-manager/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/node-manager/.env"] [unique_id "aIfFewLZGLzAXRzMJreligAAAAg"]
[Mon Jul 28 20:46:19.821476 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/node-manager/.env"] [unique_id "aIfFewLZGLzAXRzMJreligAAAAg"]
[Mon Jul 28 20:46:19.821677 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/srv6_controller/node-manager/.env"] [unique_id "aIfFewLZGLzAXRzMJreligAAAAg"]
[Mon Jul 28 20:46:19.850854 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /st-js-be-2020-movies-two/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/st-js-be-2020-movies-two/.env"] [unique_id "aIfFewLZGLzAXRzMJreliwAAAAg"]
[Mon Jul 28 20:46:19.851063 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/st-js-be-2020-movies-two/.env"] [unique_id "aIfFewLZGLzAXRzMJreliwAAAAg"]
[Mon Jul 28 20:46:19.851232 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/st-js-be-2020-movies-two/.env"] [unique_id "aIfFewLZGLzAXRzMJreliwAAAAg"]
[Mon Jul 28 20:46:19.910334 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stackato-pkg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/stackato-pkg/.env"] [unique_id "aIfFewLZGLzAXRzMJreljQAAAAg"]
[Mon Jul 28 20:46:19.910554 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/stackato-pkg/.env"] [unique_id "aIfFewLZGLzAXRzMJreljQAAAAg"]
[Mon Jul 28 20:46:19.910721 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/stackato-pkg/.env"] [unique_id "aIfFewLZGLzAXRzMJreljQAAAAg"]
[Mon Jul 28 20:46:19.942225 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stag/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/stag/.env"] [unique_id "aIfFewLZGLzAXRzMJreljgAAAAg"]
[Mon Jul 28 20:46:19.942449 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/stag/.env"] [unique_id "aIfFewLZGLzAXRzMJreljgAAAAg"]
[Mon Jul 28 20:46:19.942624 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/stag/.env"] [unique_id "aIfFewLZGLzAXRzMJreljgAAAAg"]
[Mon Jul 28 20:46:20.033080 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/api/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkQAAAAg"]
[Mon Jul 28 20:46:20.033295 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/api/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkQAAAAg"]
[Mon Jul 28 20:46:20.033503 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/api/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkQAAAAg"]
[Mon Jul 28 20:46:20.064042 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/backend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkgAAAAg"]
[Mon Jul 28 20:46:20.064251 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/backend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkgAAAAg"]
[Mon Jul 28 20:46:20.064421 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/backend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkgAAAAg"]
[Mon Jul 28 20:46:20.093636 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/frontend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkwAAAAg"]
[Mon Jul 28 20:46:20.093837 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/frontend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkwAAAAg"]
[Mon Jul 28 20:46:20.093998 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staging/frontend/.env"] [unique_id "aIfFfALZGLzAXRzMJrelkwAAAAg"]
[Mon Jul 28 20:46:20.123319 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static-collected/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static-collected/.env"] [unique_id "aIfFfALZGLzAXRzMJrellAAAAAg"]
[Mon Jul 28 20:46:20.123546 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static-collected/.env"] [unique_id "aIfFfALZGLzAXRzMJrellAAAAAg"]
[Mon Jul 28 20:46:20.123726 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static-collected/.env"] [unique_id "aIfFfALZGLzAXRzMJrellAAAAAg"]
[Mon Jul 28 20:46:20.153063 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static-html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static-html/.env"] [unique_id "aIfFfALZGLzAXRzMJrellQAAAAg"]
[Mon Jul 28 20:46:20.153306 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static-html/.env"] [unique_id "aIfFfALZGLzAXRzMJrellQAAAAg"]
[Mon Jul 28 20:46:20.153533 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static-html/.env"] [unique_id "aIfFfALZGLzAXRzMJrellQAAAAg"]
[Mon Jul 28 20:46:20.182967 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static-root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static-root/.env"] [unique_id "aIfFfALZGLzAXRzMJrellgAAAAg"]
[Mon Jul 28 20:46:20.183199 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static-root/.env"] [unique_id "aIfFfALZGLzAXRzMJrellgAAAAg"]
[Mon Jul 28 20:46:20.183402 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static-root/.env"] [unique_id "aIfFfALZGLzAXRzMJrellgAAAAg"]
[Mon Jul 28 20:46:20.212765 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.env"] [unique_id "aIfFfALZGLzAXRzMJrellwAAAAg"]
[Mon Jul 28 20:46:20.213000 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.env"] [unique_id "aIfFfALZGLzAXRzMJrellwAAAAg"]
[Mon Jul 28 20:46:20.213193 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static/.env"] [unique_id "aIfFfALZGLzAXRzMJrellwAAAAg"]
[Mon Jul 28 20:46:20.635277 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static_prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static_prod/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpQAAAAg"]
[Mon Jul 28 20:46:20.635502 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static_prod/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpQAAAAg"]
[Mon Jul 28 20:46:20.635692 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static_prod/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpQAAAAg"]
[Mon Jul 28 20:46:20.665604 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static_root/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static_root/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpgAAAAg"]
[Mon Jul 28 20:46:20.665813 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static_root/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpgAAAAg"]
[Mon Jul 28 20:46:20.665980 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static_root/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpgAAAAg"]
[Mon Jul 28 20:46:20.695281 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static_user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/static_user/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpwAAAAg"]
[Mon Jul 28 20:46:20.695495 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/static_user/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpwAAAAg"]
[Mon Jul 28 20:46:20.695672 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/static_user/.env"] [unique_id "aIfFfALZGLzAXRzMJrelpwAAAAg"]
[Mon Jul 28 20:46:20.724958 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staticfiles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/staticfiles/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqAAAAAg"]
[Mon Jul 28 20:46:20.725213 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/staticfiles/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqAAAAAg"]
[Mon Jul 28 20:46:20.725419 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/staticfiles/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqAAAAAg"]
[Mon Jul 28 20:46:20.754767 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/stats/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqQAAAAg"]
[Mon Jul 28 20:46:20.755004 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/stats/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqQAAAAg"]
[Mon Jul 28 20:46:20.755194 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/stats/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqQAAAAg"]
[Mon Jul 28 20:46:20.785146 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqgAAAAg"]
[Mon Jul 28 20:46:20.785406 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqgAAAAg"]
[Mon Jul 28 20:46:20.785602 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aIfFfALZGLzAXRzMJrelqgAAAAg"]
[Mon Jul 28 20:46:20.815033 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aIfFfALZGLzAXRzMJrelqwAAAAg"]
[Mon Jul 28 20:46:20.815268 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aIfFfALZGLzAXRzMJrelqwAAAAg"]
[Mon Jul 28 20:46:20.815487 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.local"] [unique_id "aIfFfALZGLzAXRzMJrelqwAAAAg"]
[Mon Jul 28 20:46:20.875266 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /strapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/strapi/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrQAAAAg"]
[Mon Jul 28 20:46:20.875514 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/strapi/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrQAAAAg"]
[Mon Jul 28 20:46:20.875726 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/strapi/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrQAAAAg"]
[Mon Jul 28 20:46:20.904945 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /style/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/style/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrgAAAAg"]
[Mon Jul 28 20:46:20.905184 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/style/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrgAAAAg"]
[Mon Jul 28 20:46:20.905359 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/style/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrgAAAAg"]
[Mon Jul 28 20:46:20.934693 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /styles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/styles.css/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrwAAAAg"]
[Mon Jul 28 20:46:20.934924 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/styles.css/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrwAAAAg"]
[Mon Jul 28 20:46:20.935114 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/styles.css/.env"] [unique_id "aIfFfALZGLzAXRzMJrelrwAAAAg"]
[Mon Jul 28 20:46:20.964324 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stylesheets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/stylesheets/.env"] [unique_id "aIfFfALZGLzAXRzMJrelsAAAAAg"]
[Mon Jul 28 20:46:20.964548 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/stylesheets/.env"] [unique_id "aIfFfALZGLzAXRzMJrelsAAAAAg"]
[Mon Jul 28 20:46:20.964748 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/stylesheets/.env"] [unique_id "aIfFfALZGLzAXRzMJrelsAAAAAg"]
[Mon Jul 28 20:46:21.024228 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelsgAAAAg"]
[Mon Jul 28 20:46:21.024457 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelsgAAAAg"]
[Mon Jul 28 20:46:21.024652 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelsgAAAAg"]
[Mon Jul 28 20:46:21.053708 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system-config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system-config/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelswAAAAg"]
[Mon Jul 28 20:46:21.053920 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system-config/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelswAAAAg"]
[Mon Jul 28 20:46:21.054092 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system-config/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelswAAAAg"]
[Mon Jul 28 20:46:21.083132 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltAAAAAg"]
[Mon Jul 28 20:46:21.083348 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltAAAAAg"]
[Mon Jul 28 20:46:21.083541 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltAAAAAg"]
[Mon Jul 28 20:46:21.173266 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /target/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/target/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltwAAAAg"]
[Mon Jul 28 20:46:21.173504 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/target/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltwAAAAg"]
[Mon Jul 28 20:46:21.174060 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/target/.env"] [unique_id "aIfFfQLZGLzAXRzMJreltwAAAAg"]
[Mon Jul 28 20:46:21.203600 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temanr10/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr10/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluAAAAAg"]
[Mon Jul 28 20:46:21.203834 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr10/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluAAAAAg"]
[Mon Jul 28 20:46:21.204021 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr10/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluAAAAAg"]
[Mon Jul 28 20:46:21.233339 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temanr9/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluQAAAAg"]
[Mon Jul 28 20:46:21.233590 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluQAAAAg"]
[Mon Jul 28 20:46:21.233778 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/temanr9/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluQAAAAg"]
[Mon Jul 28 20:46:21.293518 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/temp/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluwAAAAg"]
[Mon Jul 28 20:46:21.293734 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/temp/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluwAAAAg"]
[Mon Jul 28 20:46:21.293918 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/temp/.env"] [unique_id "aIfFfQLZGLzAXRzMJreluwAAAAg"]
[Mon Jul 28 20:46:21.323033 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /template/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvAAAAAg"]
[Mon Jul 28 20:46:21.323231 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvAAAAAg"]
[Mon Jul 28 20:46:21.323418 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/template/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvAAAAAg"]
[Mon Jul 28 20:46:21.352630 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvQAAAAg"]
[Mon Jul 28 20:46:21.352830 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvQAAAAg"]
[Mon Jul 28 20:46:21.352995 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/templates/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelvQAAAAg"]
[Mon Jul 28 20:46:21.442631 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test-network/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwAAAAAg"]
[Mon Jul 28 20:46:21.442874 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwAAAAAg"]
[Mon Jul 28 20:46:21.443063 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwAAAAAg"]
[Mon Jul 28 20:46:21.472288 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test-network/addorg3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/addOrg3/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwQAAAAg"]
[Mon Jul 28 20:46:21.472523 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/addOrg3/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwQAAAAg"]
[Mon Jul 28 20:46:21.472717 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test-network/addOrg3/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwQAAAAg"]
[Mon Jul 28 20:46:21.532607 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/aries-js-worker/fixtures/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/aries-js-worker/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwwAAAAg"]
[Mon Jul 28 20:46:21.532863 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/aries-js-worker/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwwAAAAg"]
[Mon Jul 28 20:46:21.533063 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/aries-js-worker/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelwwAAAAg"]
[Mon Jul 28 20:46:21.562431 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/adapter-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/adapter-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxAAAAAg"]
[Mon Jul 28 20:46:21.562687 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/adapter-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxAAAAAg"]
[Mon Jul 28 20:46:21.562879 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/adapter-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxAAAAAg"]
[Mon Jul 28 20:46:21.592259 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/agent-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/agent-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxQAAAAg"]
[Mon Jul 28 20:46:21.592502 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/agent-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxQAAAAg"]
[Mon Jul 28 20:46:21.592673 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/agent-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxQAAAAg"]
[Mon Jul 28 20:46:21.622058 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/couchdb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxgAAAAg"]
[Mon Jul 28 20:46:21.622289 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxgAAAAg"]
[Mon Jul 28 20:46:21.622489 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/couchdb/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxgAAAAg"]
[Mon Jul 28 20:46:21.651767 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxwAAAAg"]
[Mon Jul 28 20:46:21.652014 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxwAAAAg"]
[Mon Jul 28 20:46:21.652197 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelxwAAAAg"]
[Mon Jul 28 20:46:21.681516 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/demo/openapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/openapi/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyAAAAAg"]
[Mon Jul 28 20:46:21.681760 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/openapi/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyAAAAAg"]
[Mon Jul 28 20:46:21.681957 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/demo/openapi/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyAAAAAg"]
[Mon Jul 28 20:46:21.711343 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/did-method-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-method-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyQAAAAg"]
[Mon Jul 28 20:46:21.711590 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-method-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyQAAAAg"]
[Mon Jul 28 20:46:21.711782 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-method-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelyQAAAAg"]
[Mon Jul 28 20:46:21.741021 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/did-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelygAAAAg"]
[Mon Jul 28 20:46:21.741264 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelygAAAAg"]
[Mon Jul 28 20:46:21.741475 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/did-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelygAAAAg"]
[Mon Jul 28 20:46:21.770776 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/edv-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/edv-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelywAAAAg"]
[Mon Jul 28 20:46:21.771018 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/edv-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelywAAAAg"]
[Mon Jul 28 20:46:21.771203 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/edv-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelywAAAAg"]
[Mon Jul 28 20:46:21.800370 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/openapi-demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/openapi-demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzAAAAAg"]
[Mon Jul 28 20:46:21.800588 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/openapi-demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzAAAAAg"]
[Mon Jul 28 20:46:21.800754 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/openapi-demo/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzAAAAAg"]
[Mon Jul 28 20:46:21.830089 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/sidetree-mock/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/sidetree-mock/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzQAAAAg"]
[Mon Jul 28 20:46:21.830335 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/sidetree-mock/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzQAAAAg"]
[Mon Jul 28 20:46:21.830550 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/sidetree-mock/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzQAAAAg"]
[Mon Jul 28 20:46:21.859803 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/universalresolver/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/universalresolver/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzgAAAAg"]
[Mon Jul 28 20:46:21.860068 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/universalresolver/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzgAAAAg"]
[Mon Jul 28 20:46:21.860263 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/universalresolver/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzgAAAAg"]
[Mon Jul 28 20:46:21.889503 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/bdd/fixtures/vc-rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/vc-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzwAAAAg"]
[Mon Jul 28 20:46:21.889746 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/vc-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzwAAAAg"]
[Mon Jul 28 20:46:21.889931 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/bdd/fixtures/vc-rest/.env"] [unique_id "aIfFfQLZGLzAXRzMJrelzwAAAAg"]
[Mon Jul 28 20:46:21.919134 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/fixtures/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0AAAAAg"]
[Mon Jul 28 20:46:21.919370 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0AAAAAg"]
[Mon Jul 28 20:46:21.919553 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0AAAAAg"]
[Mon Jul 28 20:46:21.948908 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/fixtures/app_types/node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0QAAAAg"]
[Mon Jul 28 20:46:21.949183 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0QAAAAg"]
[Mon Jul 28 20:46:21.949404 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/node/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0QAAAAg"]
[Mon Jul 28 20:46:21.978937 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/fixtures/app_types/rails/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/rails/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0gAAAAg"]
[Mon Jul 28 20:46:21.979198 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/rails/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0gAAAAg"]
[Mon Jul 28 20:46:21.979395 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/app_types/rails/.env"] [unique_id "aIfFfQLZGLzAXRzMJrel0gAAAAg"]
[Mon Jul 28 20:46:22.008716 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/fixtures/node_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/node_path/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel0wAAAAg"]
[Mon Jul 28 20:46:22.008994 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/node_path/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel0wAAAAg"]
[Mon Jul 28 20:46:22.009187 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/fixtures/node_path/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel0wAAAAg"]
[Mon Jul 28 20:46:22.038602 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/integration/env-config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel1AAAAAg"]
[Mon Jul 28 20:46:22.038845 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel1AAAAAg"]
[Mon Jul 28 20:46:22.039027 2025] [:error] [pid 1531600] [client 185.177.72.201:36226] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/integration/env-config/app/.env"] [unique_id "aIfFfgLZGLzAXRzMJrel1AAAAAg"]
[Mon Jul 28 20:46:22.692801 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testfiles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/testfiles/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp-wAAAAI"]
[Mon Jul 28 20:46:22.692984 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/testfiles/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp-wAAAAI"]
[Mon Jul 28 20:46:22.693142 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/testfiles/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp-wAAAAI"]
[Mon Jul 28 20:46:22.776256 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_gAAAAI"]
[Mon Jul 28 20:46:22.776469 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_gAAAAI"]
[Mon Jul 28 20:46:22.776647 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_gAAAAI"]
[Mon Jul 28 20:46:22.796857 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/docker/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_wAAAAI"]
[Mon Jul 28 20:46:22.797061 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/docker/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_wAAAAI"]
[Mon Jul 28 20:46:22.797240 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/testing/docker/.env"] [unique_id "aIfFfjtW59P3rmsxDxVp_wAAAAI"]
[Mon Jul 28 20:46:22.817786 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAAAAAAI"]
[Mon Jul 28 20:46:22.817991 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAAAAAAI"]
[Mon Jul 28 20:46:22.818178 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAAAAAAI"]
[Mon Jul 28 20:46:22.838153 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Tests/Application/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAQAAAAI"]
[Mon Jul 28 20:46:22.838420 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Tests/Application/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAQAAAAI"]
[Mon Jul 28 20:46:22.838612 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Tests/Application/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAQAAAAI"]
[Mon Jul 28 20:46:22.858702 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v10.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v10.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAgAAAAI"]
[Mon Jul 28 20:46:22.858899 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v10.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAgAAAAI"]
[Mon Jul 28 20:46:22.859068 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v10.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAgAAAAI"]
[Mon Jul 28 20:46:22.879318 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v11.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAwAAAAI"]
[Mon Jul 28 20:46:22.879529 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAwAAAAI"]
[Mon Jul 28 20:46:22.879718 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v11.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqAwAAAAI"]
[Mon Jul 28 20:46:22.899829 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v12.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v12.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBAAAAAI"]
[Mon Jul 28 20:46:22.900033 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v12.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBAAAAAI"]
[Mon Jul 28 20:46:22.900205 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v12.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBAAAAAI"]
[Mon Jul 28 20:46:22.920361 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v13.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v13.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBQAAAAI"]
[Mon Jul 28 20:46:22.920563 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v13.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBQAAAAI"]
[Mon Jul 28 20:46:22.920745 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v13.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBQAAAAI"]
[Mon Jul 28 20:46:22.941348 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v7.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v7.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBgAAAAI"]
[Mon Jul 28 20:46:22.941537 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v7.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBgAAAAI"]
[Mon Jul 28 20:46:22.941705 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v7.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBgAAAAI"]
[Mon Jul 28 20:46:22.961780 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v8.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v8.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBwAAAAI"]
[Mon Jul 28 20:46:22.961974 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v8.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBwAAAAI"]
[Mon Jul 28 20:46:22.962128 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v8.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqBwAAAAI"]
[Mon Jul 28 20:46:22.982296 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/default_settings/v9.0/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v9.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqCAAAAAI"]
[Mon Jul 28 20:46:22.982480 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v9.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqCAAAAAI"]
[Mon Jul 28 20:46:22.982627 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/default_settings/v9.0/.env"] [unique_id "aIfFfjtW59P3rmsxDxVqCAAAAAI"]
[Mon Jul 28 20:46:23.002716 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/drupal-test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/drupal-test/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCQAAAAI"]
[Mon Jul 28 20:46:23.002904 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/drupal-test/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCQAAAAI"]
[Mon Jul 28 20:46:23.003060 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/drupal-test/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCQAAAAI"]
[Mon Jul 28 20:46:23.023303 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/integration/environment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/Integration/Environment/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCgAAAAI"]
[Mon Jul 28 20:46:23.023522 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/Integration/Environment/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCgAAAAI"]
[Mon Jul 28 20:46:23.023715 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/Integration/Environment/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCgAAAAI"]
[Mon Jul 28 20:46:23.043834 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/todo-react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/todo-react/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCwAAAAI"]
[Mon Jul 28 20:46:23.044028 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/todo-react/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCwAAAAI"]
[Mon Jul 28 20:46:23.044197 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tests/todo-react/.env"] [unique_id "aIfFfztW59P3rmsxDxVqCwAAAAI"]
[Mon Jul 28 20:46:23.064305 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testwork_json/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/testwork_json/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDAAAAAI"]
[Mon Jul 28 20:46:23.064482 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/testwork_json/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDAAAAAI"]
[Mon Jul 28 20:46:23.064645 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/testwork_json/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDAAAAAI"]
[Mon Jul 28 20:46:23.084983 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /theme/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/theme/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDQAAAAI"]
[Mon Jul 28 20:46:23.085161 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/theme/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDQAAAAI"]
[Mon Jul 28 20:46:23.085316 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/theme/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDQAAAAI"]
[Mon Jul 28 20:46:23.105563 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /theme_static/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/theme_static/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDgAAAAI"]
[Mon Jul 28 20:46:23.105748 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/theme_static/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDgAAAAI"]
[Mon Jul 28 20:46:23.105908 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/theme_static/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDgAAAAI"]
[Mon Jul 28 20:46:23.126118 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /thumb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/thumb/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDwAAAAI"]
[Mon Jul 28 20:46:23.126316 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/thumb/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDwAAAAI"]
[Mon Jul 28 20:46:23.126513 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/thumb/.env"] [unique_id "aIfFfztW59P3rmsxDxVqDwAAAAI"]
[Mon Jul 28 20:46:23.147119 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /thumbs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/thumbs/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEAAAAAI"]
[Mon Jul 28 20:46:23.147353 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/thumbs/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEAAAAAI"]
[Mon Jul 28 20:46:23.147543 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/thumbs/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEAAAAAI"]
[Mon Jul 28 20:46:23.167754 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tiedostot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tiedostot/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEQAAAAI"]
[Mon Jul 28 20:46:23.167978 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tiedostot/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEQAAAAI"]
[Mon Jul 28 20:46:23.168167 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tiedostot/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEQAAAAI"]
[Mon Jul 28 20:46:23.209598 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEwAAAAI"]
[Mon Jul 28 20:46:23.209817 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEwAAAAI"]
[Mon Jul 28 20:46:23.209989 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aIfFfztW59P3rmsxDxVqEwAAAAI"]
[Mon Jul 28 20:46:23.230273 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/config/.env"] [unique_id "aIfFfztW59P3rmsxDxVqFAAAAAI"]
[Mon Jul 28 20:46:23.230484 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/config/.env"] [unique_id "aIfFfztW59P3rmsxDxVqFAAAAAI"]
[Mon Jul 28 20:46:23.230658 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/config/.env"] [unique_id "aIfFfztW59P3rmsxDxVqFAAAAAI"]
[Mon Jul 28 20:46:23.316820 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGAAAAAI"]
[Mon Jul 28 20:46:23.317019 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGAAAAAI"]
[Mon Jul 28 20:46:23.317184 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGAAAAAI"]
[Mon Jul 28 20:46:23.337274 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travel_form/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Travel_form/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGQAAAAI"]
[Mon Jul 28 20:46:23.337471 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Travel_form/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGQAAAAI"]
[Mon Jul 28 20:46:23.337642 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Travel_form/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGQAAAAI"]
[Mon Jul 28 20:46:23.370100 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ts/prime/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ts/prime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGgAAAAI"]
[Mon Jul 28 20:46:23.370309 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ts/prime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGgAAAAI"]
[Mon Jul 28 20:46:23.370500 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ts/prime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqGgAAAAI"]
[Mon Jul 28 20:46:23.432688 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ubuntu/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ubuntu/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHQAAAAI"]
[Mon Jul 28 20:46:23.432877 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ubuntu/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHQAAAAI"]
[Mon Jul 28 20:46:23.433052 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ubuntu/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHQAAAAI"]
[Mon Jul 28 20:46:23.453976 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ui/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ui/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHgAAAAI"]
[Mon Jul 28 20:46:23.454163 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ui/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHgAAAAI"]
[Mon Jul 28 20:46:23.454405 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ui/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHgAAAAI"]
[Mon Jul 28 20:46:23.474290 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /unixtime/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/unixtime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHwAAAAI"]
[Mon Jul 28 20:46:23.474500 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/unixtime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHwAAAAI"]
[Mon Jul 28 20:46:23.474664 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/unixtime/.env"] [unique_id "aIfFfztW59P3rmsxDxVqHwAAAAI"]
[Mon Jul 28 20:46:23.494865 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /unsplash-downloader/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/unsplash-downloader/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIAAAAAI"]
[Mon Jul 28 20:46:23.495048 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/unsplash-downloader/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIAAAAAI"]
[Mon Jul 28 20:46:23.495220 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/unsplash-downloader/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIAAAAAI"]
[Mon Jul 28 20:46:23.536654 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /upfiles/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/upfiles/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIgAAAAI"]
[Mon Jul 28 20:46:23.536848 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/upfiles/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIgAAAAI"]
[Mon Jul 28 20:46:23.537022 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/upfiles/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIgAAAAI"]
[Mon Jul 28 20:46:23.557346 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /upload/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/upload/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIwAAAAI"]
[Mon Jul 28 20:46:23.557568 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/upload/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIwAAAAI"]
[Mon Jul 28 20:46:23.557753 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/upload/.env"] [unique_id "aIfFfztW59P3rmsxDxVqIwAAAAI"]
[Mon Jul 28 20:46:23.577947 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJAAAAAI"]
[Mon Jul 28 20:46:23.578137 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJAAAAAI"]
[Mon Jul 28 20:46:23.578295 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJAAAAAI"]
[Mon Jul 28 20:46:23.598444 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /urlmem-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/urlmem-app/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJQAAAAI"]
[Mon Jul 28 20:46:23.598646 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/urlmem-app/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJQAAAAI"]
[Mon Jul 28 20:46:23.598816 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/urlmem-app/.env"] [unique_id "aIfFfztW59P3rmsxDxVqJQAAAAI"]
[Mon Jul 28 20:46:23.619117 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aIfFfztW59P3rmsxDxVqJgAAAAI"]
[Mon Jul 28 20:46:23.619321 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aIfFfztW59P3rmsxDxVqJgAAAAI"]
[Mon Jul 28 20:46:23.619491 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/user/.env.staging"] [unique_id "aIfFfztW59P3rmsxDxVqJgAAAAI"]
[Mon Jul 28 20:46:23.661239 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user_info/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/User_info/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKAAAAAI"]
[Mon Jul 28 20:46:23.661426 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/User_info/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKAAAAAI"]
[Mon Jul 28 20:46:23.661584 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/User_info/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKAAAAAI"]
[Mon Jul 28 20:46:23.681749 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKQAAAAI"]
[Mon Jul 28 20:46:23.681942 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKQAAAAI"]
[Mon Jul 28 20:46:23.682096 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aIfFfztW59P3rmsxDxVqKQAAAAI"]
[Mon Jul 28 20:46:23.766885 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLQAAAAI"]
[Mon Jul 28 20:46:23.767090 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLQAAAAI"]
[Mon Jul 28 20:46:23.767259 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLQAAAAI"]
[Mon Jul 28 20:46:23.787298 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/var/backup/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLgAAAAI"]
[Mon Jul 28 20:46:23.787506 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/backup/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLgAAAAI"]
[Mon Jul 28 20:46:23.787669 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/backup/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLgAAAAI"]
[Mon Jul 28 20:46:23.807808 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLwAAAAI"]
[Mon Jul 28 20:46:23.807997 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLwAAAAI"]
[Mon Jul 28 20:46:23.808156 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aIfFfztW59P3rmsxDxVqLwAAAAI"]
[Mon Jul 28 20:46:23.829062 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/github.com/gobuffalo/envy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMAAAAAI"]
[Mon Jul 28 20:46:23.829254 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMAAAAAI"]
[Mon Jul 28 20:46:23.829412 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/gobuffalo/envy/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMAAAAAI"]
[Mon Jul 28 20:46:23.849542 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/github.com/subosito/gotenv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMQAAAAI"]
[Mon Jul 28 20:46:23.849731 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMQAAAAI"]
[Mon Jul 28 20:46:23.849981 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/github.com/subosito/gotenv/.env"] [unique_id "aIfFfztW59P3rmsxDxVqMQAAAAI"]
[Mon Jul 28 20:46:23.932322 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /videos/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/videos/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNAAAAAI"]
[Mon Jul 28 20:46:23.932539 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/videos/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNAAAAAI"]
[Mon Jul 28 20:46:23.932791 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/videos/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNAAAAAI"]
[Mon Jul 28 20:46:23.974309 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vm-docker-compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vm-docker-compose/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNgAAAAI"]
[Mon Jul 28 20:46:23.974554 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vm-docker-compose/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNgAAAAI"]
[Mon Jul 28 20:46:23.974730 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vm-docker-compose/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNgAAAAI"]
[Mon Jul 28 20:46:23.995120 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vod_installer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vod_installer/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNwAAAAI"]
[Mon Jul 28 20:46:23.995338 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vod_installer/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNwAAAAI"]
[Mon Jul 28 20:46:23.995513 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vod_installer/.env"] [unique_id "aIfFfztW59P3rmsxDxVqNwAAAAI"]
[Mon Jul 28 20:46:24.015633 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue-end/vue-til/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vue-end/vue-til/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOAAAAAI"]
[Mon Jul 28 20:46:24.015866 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vue-end/vue-til/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOAAAAAI"]
[Mon Jul 28 20:46:24.016054 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vue-end/vue-til/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOAAAAAI"]
[Mon Jul 28 20:46:24.036303 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOQAAAAI"]
[Mon Jul 28 20:46:24.036540 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOQAAAAI"]
[Mon Jul 28 20:46:24.036731 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOQAAAAI"]
[Mon Jul 28 20:46:24.056895 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/vuecli/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/vuecli/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOgAAAAI"]
[Mon Jul 28 20:46:24.057110 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/vuecli/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOgAAAAI"]
[Mon Jul 28 20:46:24.057326 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vue/vuecli/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOgAAAAI"]
[Mon Jul 28 20:46:24.077411 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue_crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vue_CRM/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOwAAAAI"]
[Mon Jul 28 20:46:24.077619 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vue_CRM/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOwAAAAI"]
[Mon Jul 28 20:46:24.077817 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vue_CRM/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqOwAAAAI"]
[Mon Jul 28 20:46:24.118963 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web-dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web-dist/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqPQAAAAI"]
[Mon Jul 28 20:46:24.119160 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web-dist/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqPQAAAAI"]
[Mon Jul 28 20:46:24.119335 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web-dist/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqPQAAAAI"]
[Mon Jul 28 20:46:24.140042 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aIfFgDtW59P3rmsxDxVqPgAAAAI"]
[Mon Jul 28 20:46:24.140182 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aIfFgDtW59P3rmsxDxVqPgAAAAI"]
[Mon Jul 28 20:46:24.140394 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aIfFgDtW59P3rmsxDxVqPgAAAAI"]
[Mon Jul 28 20:46:24.140569 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aIfFgDtW59P3rmsxDxVqPgAAAAI"]
[Mon Jul 28 20:46:24.203275 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/sitemariage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Web/siteMariage/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqQQAAAAI"]
[Mon Jul 28 20:46:24.203538 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Web/siteMariage/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqQQAAAAI"]
[Mon Jul 28 20:46:24.203725 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Web/siteMariage/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqQQAAAAI"]
[Mon Jul 28 20:46:24.246843 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aIfFgDtW59P3rmsxDxVqQwAAAAI"]
[Mon Jul 28 20:46:24.247068 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aIfFgDtW59P3rmsxDxVqQwAAAAI"]
[Mon Jul 28 20:46:24.247260 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aIfFgDtW59P3rmsxDxVqQwAAAAI"]
[Mon Jul 28 20:46:24.267336 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webroot_path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRAAAAAI"]
[Mon Jul 28 20:46:24.267540 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRAAAAAI"]
[Mon Jul 28 20:46:24.267712 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webroot_path/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRAAAAAI"]
[Mon Jul 28 20:46:24.288022 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRQAAAAI"]
[Mon Jul 28 20:46:24.288233 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRQAAAAI"]
[Mon Jul 28 20:46:24.288395 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRQAAAAI"]
[Mon Jul 28 20:46:24.309058 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /websocket/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRgAAAAI"]
[Mon Jul 28 20:46:24.309254 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRgAAAAI"]
[Mon Jul 28 20:46:24.309413 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/websocket/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRgAAAAI"]
[Mon Jul 28 20:46:24.329622 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webstatic/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRwAAAAI"]
[Mon Jul 28 20:46:24.329834 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRwAAAAI"]
[Mon Jul 28 20:46:24.329996 2025] [:error] [pid 1533943] [client 185.177.72.201:44388] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webstatic/.env"] [unique_id "aIfFgDtW59P3rmsxDxVqRwAAAAI"]
[Mon Jul 28 20:46:24.484944 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /well-known/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCAAAAA4"]
[Mon Jul 28 20:46:24.485179 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCAAAAA4"]
[Mon Jul 28 20:46:24.485385 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/well-known/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCAAAAA4"]
[Mon Jul 28 20:46:24.505493 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /whturk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCQAAAA4"]
[Mon Jul 28 20:46:24.505735 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCQAAAA4"]
[Mon Jul 28 20:46:24.505912 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/whturk/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCQAAAA4"]
[Mon Jul 28 20:46:24.526282 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /windows/tests/9.2.x/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCgAAAA4"]
[Mon Jul 28 20:46:24.526612 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCgAAAA4"]
[Mon Jul 28 20:46:24.526818 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.2.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCgAAAA4"]
[Mon Jul 28 20:46:24.546960 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /windows/tests/9.3.x/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCwAAAA4"]
[Mon Jul 28 20:46:24.547167 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCwAAAA4"]
[Mon Jul 28 20:46:24.547335 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/windows/tests/9.3.x/.env"] [unique_id "aIfFgM9E66I2YPyIb96nCwAAAA4"]
[Mon Jul 28 20:46:24.567324 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDAAAAA4"]
[Mon Jul 28 20:46:24.567537 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDAAAAA4"]
[Mon Jul 28 20:46:24.567707 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDAAAAA4"]
[Mon Jul 28 20:46:24.587990 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /workspace/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/workspace/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDQAAAA4"]
[Mon Jul 28 20:46:24.588185 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/workspace/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDQAAAA4"]
[Mon Jul 28 20:46:24.588345 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/workspace/.env"] [unique_id "aIfFgM9E66I2YPyIb96nDQAAAA4"]
[Mon Jul 28 20:46:24.608202 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "aIfFgM9E66I2YPyIb96nDgAAAA4"]
[Mon Jul 28 20:46:24.608349 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "aIfFgM9E66I2YPyIb96nDgAAAA4"]
[Mon Jul 28 20:46:24.608532 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "aIfFgM9E66I2YPyIb96nDgAAAA4"]
[Mon Jul 28 20:46:24.608691 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.old"] [unique_id "aIfFgM9E66I2YPyIb96nDgAAAA4"]
[Mon Jul 28 20:46:24.629072 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aIfFgM9E66I2YPyIb96nDwAAAA4"]
[Mon Jul 28 20:46:24.629279 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aIfFgM9E66I2YPyIb96nDwAAAA4"]
[Mon Jul 28 20:46:24.629441 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php-backup"] [unique_id "aIfFgM9E66I2YPyIb96nDwAAAA4"]
[Mon Jul 28 20:46:24.649462 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aIfFgM9E66I2YPyIb96nEAAAAA4"]
[Mon Jul 28 20:46:24.649649 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aIfFgM9E66I2YPyIb96nEAAAAA4"]
[Mon Jul 28 20:46:24.649806 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aIfFgM9E66I2YPyIb96nEAAAAA4"]
[Mon Jul 28 20:46:24.669845 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.txt"] [unique_id "aIfFgM9E66I2YPyIb96nEQAAAA4"]
[Mon Jul 28 20:46:24.670094 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.txt"] [unique_id "aIfFgM9E66I2YPyIb96nEQAAAA4"]
[Mon Jul 28 20:46:24.670265 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.txt"] [unique_id "aIfFgM9E66I2YPyIb96nEQAAAA4"]
[Mon Jul 28 20:46:24.690250 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIfFgM9E66I2YPyIb96nEgAAAA4"]
[Mon Jul 28 20:46:24.690457 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIfFgM9E66I2YPyIb96nEgAAAA4"]
[Mon Jul 28 20:46:24.690618 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aIfFgM9E66I2YPyIb96nEgAAAA4"]
[Mon Jul 28 20:46:24.710550 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aIfFgM9E66I2YPyIb96nEwAAAA4"]
[Mon Jul 28 20:46:24.710860 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aIfFgM9E66I2YPyIb96nEwAAAA4"]
[Mon Jul 28 20:46:24.711017 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aIfFgM9E66I2YPyIb96nEwAAAA4"]
[Mon Jul 28 20:46:24.752010 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-login/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-login/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFQAAAA4"]
[Mon Jul 28 20:46:24.752218 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-login/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFQAAAA4"]
[Mon Jul 28 20:46:24.752384 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-login/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFQAAAA4"]
[Mon Jul 28 20:46:24.793426 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFwAAAA4"]
[Mon Jul 28 20:46:24.793668 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFwAAAA4"]
[Mon Jul 28 20:46:24.793845 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp/.env"] [unique_id "aIfFgM9E66I2YPyIb96nFwAAAA4"]
[Mon Jul 28 20:46:24.834896 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www-data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGQAAAA4"]
[Mon Jul 28 20:46:24.835111 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGQAAAA4"]
[Mon Jul 28 20:46:24.835287 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www-data/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGQAAAA4"]
[Mon Jul 28 20:46:24.876150 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xx-final/vue-heroes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGwAAAA4"]
[Mon Jul 28 20:46:24.876378 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGwAAAA4"]
[Mon Jul 28 20:46:24.876564 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xx-final/vue-heroes/.env"] [unique_id "aIfFgM9E66I2YPyIb96nGwAAAA4"]
[Mon Jul 28 20:46:24.896466 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aIfFgM9E66I2YPyIb96nHAAAAA4"]
[Mon Jul 28 20:46:24.896677 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aIfFgM9E66I2YPyIb96nHAAAAA4"]
[Mon Jul 28 20:46:24.896851 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aIfFgM9E66I2YPyIb96nHAAAAA4"]
[Mon Jul 28 20:46:24.916870 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zmusic-frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHQAAAA4"]
[Mon Jul 28 20:46:24.917079 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHQAAAA4"]
[Mon Jul 28 20:46:24.917254 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/zmusic-frontend/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHQAAAA4"]
[Mon Jul 28 20:46:24.937254 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:443/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHgAAAA4"]
[Mon Jul 28 20:46:24.937454 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHgAAAA4"]
[Mon Jul 28 20:46:24.937622 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:443/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHgAAAA4"]
[Mon Jul 28 20:46:24.958831 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:80/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHwAAAA4"]
[Mon Jul 28 20:46:24.959045 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHwAAAA4"]
[Mon Jul 28 20:46:24.959229 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:80/.env"] [unique_id "aIfFgM9E66I2YPyIb96nHwAAAA4"]
[Mon Jul 28 20:46:24.979894 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8080/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIAAAAA4"]
[Mon Jul 28 20:46:24.980073 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIAAAAA4"]
[Mon Jul 28 20:46:24.980224 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:8080/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIAAAAA4"]
[Mon Jul 28 20:46:25.000589 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8081/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:8081/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIQAAAA4"]
[Mon Jul 28 20:46:25.000791 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:8081/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIQAAAA4"]
[Mon Jul 28 20:46:25.000968 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:8081/.env"] [unique_id "aIfFgM9E66I2YPyIb96nIQAAAA4"]
[Mon Jul 28 20:46:25.021195 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /:8443/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/:8443/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIgAAAA4"]
[Mon Jul 28 20:46:25.021416 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/:8443/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIgAAAA4"]
[Mon Jul 28 20:46:25.021596 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/:8443/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIgAAAA4"]
[Mon Jul 28 20:46:25.041921 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid_email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid_email/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIwAAAA4"]
[Mon Jul 28 20:46:25.042136 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid_email/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIwAAAA4"]
[Mon Jul 28 20:46:25.042319 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid_email/.env"] [unique_id "aIfFgc9E66I2YPyIb96nIwAAAA4"]
[Mon Jul 28 20:46:25.073165 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sendgrid"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aIfFgc9E66I2YPyIb96nJAAAAA4"]
[Mon Jul 28 20:46:25.073398 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aIfFgc9E66I2YPyIb96nJAAAAA4"]
[Mon Jul 28 20:46:25.073577 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aIfFgc9E66I2YPyIb96nJAAAAA4"]
[Mon Jul 28 20:46:26.218264 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aIfFgs9E66I2YPyIb96nWAAAAA4"]
[Mon Jul 28 20:46:26.218509 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aIfFgs9E66I2YPyIb96nWAAAAA4"]
[Mon Jul 28 20:46:26.218679 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aIfFgs9E66I2YPyIb96nWAAAAA4"]
[Mon Jul 28 20:46:26.280745 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aIfFgs9E66I2YPyIb96nWwAAAA4"]
[Mon Jul 28 20:46:26.281046 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aIfFgs9E66I2YPyIb96nWwAAAA4"]
[Mon Jul 28 20:46:26.281232 2025] [:error] [pid 1519683] [client 185.177.72.201:44404] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aIfFgs9E66I2YPyIb96nWwAAAA4"]
[Mon Jul 28 20:46:27.016401 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sources/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/api/.env"] [unique_id "aIfFgxd6_yVRS98tgw1cJAAAAAM"]
[Mon Jul 28 20:46:27.016652 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/api/.env"] [unique_id "aIfFgxd6_yVRS98tgw1cJAAAAAM"]
[Mon Jul 28 20:46:27.016852 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sources/api/.env"] [unique_id "aIfFgxd6_yVRS98tgw1cJAAAAAM"]
[Mon Jul 28 20:46:27.108101 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /api/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "aIfFgxd6_yVRS98tgw1cKAAAAAM"]
[Mon Jul 28 20:46:27.108339 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "aIfFgxd6_yVRS98tgw1cKAAAAAM"]
[Mon Jul 28 20:46:27.108521 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.git/config"] [unique_id "aIfFgxd6_yVRS98tgw1cKAAAAAM"]
[Mon Jul 28 20:46:27.342758 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/drupal/coder/.git/info/refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/refs"] [unique_id "aIfFgxd6_yVRS98tgw1cMwAAAAM"]
[Mon Jul 28 20:46:27.343003 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/refs"] [unique_id "aIfFgxd6_yVRS98tgw1cMwAAAAM"]
[Mon Jul 28 20:46:27.343174 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/refs"] [unique_id "aIfFgxd6_yVRS98tgw1cMwAAAAM"]
[Mon Jul 28 20:46:27.363605 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/drupal/coder/.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/exclude"] [unique_id "aIfFgxd6_yVRS98tgw1cNAAAAAM"]
[Mon Jul 28 20:46:27.363843 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/exclude"] [unique_id "aIfFgxd6_yVRS98tgw1cNAAAAAM"]
[Mon Jul 28 20:46:27.364027 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/info/exclude"] [unique_id "aIfFgxd6_yVRS98tgw1cNAAAAAM"]
[Mon Jul 28 20:46:27.384234 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/drupal/coder/.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info"] [unique_id "aIfFgxd6_yVRS98tgw1cNQAAAAM"]
[Mon Jul 28 20:46:27.384466 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info"] [unique_id "aIfFgxd6_yVRS98tgw1cNQAAAAM"]
[Mon Jul 28 20:46:27.384679 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info"] [unique_id "aIfFgxd6_yVRS98tgw1cNQAAAAM"]
[Mon Jul 28 20:46:27.404930 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vendor/drupal/coder/.git/objects/info/packs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info/packs"] [unique_id "aIfFgxd6_yVRS98tgw1cNgAAAAM"]
[Mon Jul 28 20:46:27.405164 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info/packs"] [unique_id "aIfFgxd6_yVRS98tgw1cNgAAAAM"]
[Mon Jul 28 20:46:27.405332 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/drupal/coder/.git/objects/info/packs"] [unique_id "aIfFgxd6_yVRS98tgw1cNgAAAAM"]
[Mon Jul 28 20:46:27.425613 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.log"] [unique_id "aIfFgxd6_yVRS98tgw1cNwAAAAM"]
[Mon Jul 28 20:46:27.425929 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.log"] [unique_id "aIfFgxd6_yVRS98tgw1cNwAAAAM"]
[Mon Jul 28 20:46:27.426096 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.log"] [unique_id "aIfFgxd6_yVRS98tgw1cNwAAAAM"]
[Mon Jul 28 20:46:27.510417 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".cs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/cmsmessages/information.aspx.cs"] [unique_id "aIfFgxd6_yVRS98tgw1cOwAAAAM"]
[Mon Jul 28 20:46:27.510763 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cmsmessages/information.aspx.cs"] [unique_id "aIfFgxd6_yVRS98tgw1cOwAAAAM"]
[Mon Jul 28 20:46:27.510958 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cmsmessages/information.aspx.cs"] [unique_id "aIfFgxd6_yVRS98tgw1cOwAAAAM"]
[Mon Jul 28 20:46:27.531135 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/module/info/include/mysql/phpcms_info.sql"] [unique_id "aIfFgxd6_yVRS98tgw1cPAAAAAM"]
[Mon Jul 28 20:46:27.531464 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/module/info/include/mysql/phpcms_info.sql"] [unique_id "aIfFgxd6_yVRS98tgw1cPAAAAAM"]
[Mon Jul 28 20:46:27.531673 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/module/info/include/mysql/phpcms_info.sql"] [unique_id "aIfFgxd6_yVRS98tgw1cPAAAAAM"]
[Mon Jul 28 20:46:27.551964 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.bak"] [unique_id "aIfFgxd6_yVRS98tgw1cPQAAAAM"]
[Mon Jul 28 20:46:27.552303 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.bak"] [unique_id "aIfFgxd6_yVRS98tgw1cPQAAAAM"]
[Mon Jul 28 20:46:27.552486 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.bak"] [unique_id "aIfFgxd6_yVRS98tgw1cPQAAAAM"]
[Mon Jul 28 20:46:28.021170 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUgAAAAM"]
[Mon Jul 28 20:46:28.021455 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUgAAAAM"]
[Mon Jul 28 20:46:28.021687 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUgAAAAM"]
[Mon Jul 28 20:46:28.042020 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /blog/wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUwAAAAM"]
[Mon Jul 28 20:46:28.042250 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUwAAAAM"]
[Mon Jul 28 20:46:28.042449 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/blog/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cUwAAAAM"]
[Mon Jul 28 20:46:28.062593 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/themes/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVAAAAAM"]
[Mon Jul 28 20:46:28.062826 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVAAAAAM"]
[Mon Jul 28 20:46:28.063019 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/themes/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVAAAAAM"]
[Mon Jul 28 20:46:28.083448 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /wp-content/plugins/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVQAAAAM"]
[Mon Jul 28 20:46:28.083745 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVQAAAAM"]
[Mon Jul 28 20:46:28.083944 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/plugins/.git/config"] [unique_id "aIfFhBd6_yVRS98tgw1cVQAAAAM"]
[Mon Jul 28 20:46:28.104005 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVgAAAAM"]
[Mon Jul 28 20:46:28.104350 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVgAAAAM"]
[Mon Jul 28 20:46:28.104537 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVgAAAAM"]
[Mon Jul 28 20:46:28.142231 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVwAAAAM"]
[Mon Jul 28 20:46:28.142613 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVwAAAAM"]
[Mon Jul 28 20:46:28.142815 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cVwAAAAM"]
[Mon Jul 28 20:46:28.162997 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWAAAAAM"]
[Mon Jul 28 20:46:28.163346 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWAAAAAM"]
[Mon Jul 28 20:46:28.163537 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWAAAAAM"]
[Mon Jul 28 20:46:28.183658 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWQAAAAM"]
[Mon Jul 28 20:46:28.184007 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWQAAAAM"]
[Mon Jul 28 20:46:28.184194 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWQAAAAM"]
[Mon Jul 28 20:46:28.204316 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWgAAAAM"]
[Mon Jul 28 20:46:28.204687 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWgAAAAM"]
[Mon Jul 28 20:46:28.204869 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/mysql.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWgAAAAM"]
[Mon Jul 28 20:46:28.225047 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWwAAAAM"]
[Mon Jul 28 20:46:28.225396 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWwAAAAM"]
[Mon Jul 28 20:46:28.225578 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cWwAAAAM"]
[Mon Jul 28 20:46:28.245672 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXAAAAAM"]
[Mon Jul 28 20:46:28.246058 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXAAAAAM"]
[Mon Jul 28 20:46:28.246247 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/db.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXAAAAAM"]
[Mon Jul 28 20:46:28.266442 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXQAAAAM"]
[Mon Jul 28 20:46:28.266784 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXQAAAAM"]
[Mon Jul 28 20:46:28.266961 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXQAAAAM"]
[Mon Jul 28 20:46:28.287523 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXgAAAAM"]
[Mon Jul 28 20:46:28.287885 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXgAAAAM"]
[Mon Jul 28 20:46:28.288084 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXgAAAAM"]
[Mon Jul 28 20:46:28.308312 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXwAAAAM"]
[Mon Jul 28 20:46:28.308658 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXwAAAAM"]
[Mon Jul 28 20:46:28.308850 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/db_backup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cXwAAAAM"]
[Mon Jul 28 20:46:28.329522 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullbackup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYAAAAAM"]
[Mon Jul 28 20:46:28.329865 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullbackup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYAAAAAM"]
[Mon Jul 28 20:46:28.330040 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullbackup.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYAAAAAM"]
[Mon Jul 28 20:46:28.350385 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullwebsite.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYQAAAAM"]
[Mon Jul 28 20:46:28.350732 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullwebsite.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYQAAAAM"]
[Mon Jul 28 20:46:28.350930 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/fullwebsite.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYQAAAAM"]
[Mon Jul 28 20:46:28.371125 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYgAAAAM"]
[Mon Jul 28 20:46:28.371464 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYgAAAAM"]
[Mon Jul 28 20:46:28.371755 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYgAAAAM"]
[Mon Jul 28 20:46:28.391962 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYwAAAAM"]
[Mon Jul 28 20:46:28.392314 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYwAAAAM"]
[Mon Jul 28 20:46:28.392548 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cYwAAAAM"]
[Mon Jul 28 20:46:28.412806 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZAAAAAM"]
[Mon Jul 28 20:46:28.413150 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZAAAAAM"]
[Mon Jul 28 20:46:28.413341 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZAAAAAM"]
[Mon Jul 28 20:46:28.433818 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZQAAAAM"]
[Mon Jul 28 20:46:28.434190 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZQAAAAM"]
[Mon Jul 28 20:46:28.434400 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/data.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZQAAAAM"]
[Mon Jul 28 20:46:28.454617 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZgAAAAM"]
[Mon Jul 28 20:46:28.454958 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZgAAAAM"]
[Mon Jul 28 20:46:28.455189 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZgAAAAM"]
[Mon Jul 28 20:46:28.475349 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZwAAAAM"]
[Mon Jul 28 20:46:28.475708 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZwAAAAM"]
[Mon Jul 28 20:46:28.475895 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/database.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cZwAAAAM"]
[Mon Jul 28 20:46:28.496078 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caAAAAAM"]
[Mon Jul 28 20:46:28.496438 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caAAAAAM"]
[Mon Jul 28 20:46:28.496640 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caAAAAAM"]
[Mon Jul 28 20:46:28.516879 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caQAAAAM"]
[Mon Jul 28 20:46:28.517216 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caQAAAAM"]
[Mon Jul 28 20:46:28.517390 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/wordpress.sql"] [unique_id "aIfFhBd6_yVRS98tgw1caQAAAAM"]
[Mon Jul 28 20:46:28.537526 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cagAAAAM"]
[Mon Jul 28 20:46:28.537869 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cagAAAAM"]
[Mon Jul 28 20:46:28.538046 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cagAAAAM"]
[Mon Jul 28 20:46:28.558239 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cawAAAAM"]
[Mon Jul 28 20:46:28.558593 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cawAAAAM"]
[Mon Jul 28 20:46:28.558809 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/uploads/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cawAAAAM"]
[Mon Jul 28 20:46:28.578914 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbAAAAAM"]
[Mon Jul 28 20:46:28.579385 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbAAAAAM"]
[Mon Jul 28 20:46:28.579556 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backups/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbAAAAAM"]
[Mon Jul 28 20:46:28.599647 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbQAAAAM"]
[Mon Jul 28 20:46:28.599974 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbQAAAAM"]
[Mon Jul 28 20:46:28.600140 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/backup/dbdump.sql"] [unique_id "aIfFhBd6_yVRS98tgw1cbQAAAAM"]
[Mon Jul 28 20:46:28.620196 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbgAAAAM"]
[Mon Jul 28 20:46:28.620351 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbgAAAAM"]
[Mon Jul 28 20:46:28.620569 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbgAAAAM"]
[Mon Jul 28 20:46:28.620737 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbgAAAAM"]
[Mon Jul 28 20:46:28.640895 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config-sample.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbwAAAAM"]
[Mon Jul 28 20:46:28.641228 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config-sample.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbwAAAAM"]
[Mon Jul 28 20:46:28.641418 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config-sample.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cbwAAAAM"]
[Mon Jul 28 20:46:28.681346 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccAAAAAM"]
[Mon Jul 28 20:46:28.681581 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccAAAAAM"]
[Mon Jul 28 20:46:28.681763 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccAAAAAM"]
[Mon Jul 28 20:46:28.701977 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccQAAAAM"]
[Mon Jul 28 20:46:28.702200 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccQAAAAM"]
[Mon Jul 28 20:46:28.702393 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.bak1"] [unique_id "aIfFhBd6_yVRS98tgw1ccQAAAAM"]
[Mon Jul 28 20:46:28.722613 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccgAAAAM"]
[Mon Jul 28 20:46:28.722942 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccgAAAAM"]
[Mon Jul 28 20:46:28.723144 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccgAAAAM"]
[Mon Jul 28 20:46:28.743442 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/connect.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccwAAAAM"]
[Mon Jul 28 20:46:28.743800 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/connect.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccwAAAAM"]
[Mon Jul 28 20:46:28.743992 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/connect.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ccwAAAAM"]
[Mon Jul 28 20:46:28.764461 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdAAAAAM"]
[Mon Jul 28 20:46:28.764869 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdAAAAAM"]
[Mon Jul 28 20:46:28.765066 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdAAAAAM"]
[Mon Jul 28 20:46:28.785172 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdQAAAAM"]
[Mon Jul 28 20:46:28.785492 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdQAAAAM"]
[Mon Jul 28 20:46:28.785660 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdQAAAAM"]
[Mon Jul 28 20:46:28.805598 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdgAAAAM"]
[Mon Jul 28 20:46:28.805890 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdgAAAAM"]
[Mon Jul 28 20:46:28.806041 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conn.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdgAAAAM"]
[Mon Jul 28 20:46:28.825972 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdwAAAAM"]
[Mon Jul 28 20:46:28.826268 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdwAAAAM"]
[Mon Jul 28 20:46:28.826423 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/connection.asp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cdwAAAAM"]
[Mon Jul 28 20:46:28.846333 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.jsp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceAAAAAM"]
[Mon Jul 28 20:46:28.846635 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.jsp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceAAAAAM"]
[Mon Jul 28 20:46:28.846780 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.jsp.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceAAAAAM"]
[Mon Jul 28 20:46:28.866587 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceQAAAAM"]
[Mon Jul 28 20:46:28.866862 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceQAAAAM"]
[Mon Jul 28 20:46:28.867014 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini.bak"] [unique_id "aIfFhBd6_yVRS98tgw1ceQAAAAM"]
[Mon Jul 28 20:46:28.887116 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cegAAAAM"]
[Mon Jul 28 20:46:28.887399 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cegAAAAM"]
[Mon Jul 28 20:46:28.887564 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cegAAAAM"]
[Mon Jul 28 20:46:28.907404 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_ucenter.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cewAAAAM"]
[Mon Jul 28 20:46:28.907696 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_ucenter.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cewAAAAM"]
[Mon Jul 28 20:46:28.907862 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_ucenter.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cewAAAAM"]
[Mon Jul 28 20:46:28.927678 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_global.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfAAAAAM"]
[Mon Jul 28 20:46:28.927960 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_global.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfAAAAAM"]
[Mon Jul 28 20:46:28.928137 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config_global.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfAAAAAM"]
[Mon Jul 28 20:46:28.948357 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/bitrix/php_interface/dbconn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfQAAAAM"]
[Mon Jul 28 20:46:28.948665 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/bitrix/php_interface/dbconn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfQAAAAM"]
[Mon Jul 28 20:46:28.948820 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/bitrix/php_interface/dbconn.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfQAAAAM"]
[Mon Jul 28 20:46:28.968798 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/uc_server/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfgAAAAM"]
[Mon Jul 28 20:46:28.969080 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uc_server/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfgAAAAM"]
[Mon Jul 28 20:46:28.969231 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uc_server/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfgAAAAM"]
[Mon Jul 28 20:46:28.989371 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfwAAAAM"]
[Mon Jul 28 20:46:28.989677 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfwAAAAM"]
[Mon Jul 28 20:46:28.989863 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/config.inc.php.bak"] [unique_id "aIfFhBd6_yVRS98tgw1cfwAAAAM"]
[Mon Jul 28 20:46:29.009910 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgAAAAAM"]
[Mon Jul 28 20:46:29.010192 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgAAAAAM"]
[Mon Jul 28 20:46:29.010356 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgAAAAAM"]
[Mon Jul 28 20:46:29.030296 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/content/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgQAAAAM"]
[Mon Jul 28 20:46:29.030587 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/content/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgQAAAAM"]
[Mon Jul 28 20:46:29.030733 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/content/debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgQAAAAM"]
[Mon Jul 28 20:46:29.050871 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cggAAAAM"]
[Mon Jul 28 20:46:29.051011 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/npm-debug.log" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /npm-debug.log found within REQUEST_FILENAME: /npm-debug.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cggAAAAM"]
[Mon Jul 28 20:46:29.051196 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cggAAAAM"]
[Mon Jul 28 20:46:29.051353 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/npm-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cggAAAAM"]
[Mon Jul 28 20:46:29.071309 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgwAAAAM"]
[Mon Jul 28 20:46:29.071624 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgwAAAAM"]
[Mon Jul 28 20:46:29.071803 2025] [:error] [pid 1522294] [client 185.177.72.201:44412] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn-debug.log"] [unique_id "aIfFhRd6_yVRS98tgw1cgwAAAAM"]
[Mon Jul 28 20:46:29.373796 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX6QAAAAU"]
[Mon Jul 28 20:46:29.374127 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX6QAAAAU"]
[Mon Jul 28 20:46:29.374308 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX6QAAAAU"]
[Mon Jul 28 20:46:29.464143 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql_debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX7AAAAAU"]
[Mon Jul 28 20:46:29.464489 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql_debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX7AAAAAU"]
[Mon Jul 28 20:46:29.464679 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql_debug.sql"] [unique_id "aIfFhQ9nLjdPblA-25FX7AAAAAU"]
[Mon Jul 28 20:46:29.493924 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /root/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aIfFhQ9nLjdPblA-25FX7QAAAAU"]
[Mon Jul 28 20:46:29.494151 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aIfFhQ9nLjdPblA-25FX7QAAAAU"]
[Mon Jul 28 20:46:29.494329 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/root/.aws/credentials"] [unique_id "aIfFhQ9nLjdPblA-25FX7QAAAAU"]
[Mon Jul 28 20:46:29.586522 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config.yaml"] [unique_id "aIfFhQ9nLjdPblA-25FX8AAAAAU"]
[Mon Jul 28 20:46:29.586754 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config.yaml"] [unique_id "aIfFhQ9nLjdPblA-25FX8AAAAAU"]
[Mon Jul 28 20:46:29.586950 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config.yaml"] [unique_id "aIfFhQ9nLjdPblA-25FX8AAAAAU"]
[Mon Jul 28 20:46:29.676335 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aIfFhQ9nLjdPblA-25FX8wAAAAU"]
[Mon Jul 28 20:46:29.676648 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aIfFhQ9nLjdPblA-25FX8wAAAAU"]
[Mon Jul 28 20:46:29.676811 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.old"] [unique_id "aIfFhQ9nLjdPblA-25FX8wAAAAU"]
[Mon Jul 28 20:46:29.736332 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.json.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9QAAAAU"]
[Mon Jul 28 20:46:29.736658 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.json.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9QAAAAU"]
[Mon Jul 28 20:46:29.736826 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.json.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9QAAAAU"]
[Mon Jul 28 20:46:29.796164 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.js.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9wAAAAU"]
[Mon Jul 28 20:46:29.796511 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.js.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9wAAAAU"]
[Mon Jul 28 20:46:29.796680 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.js.bak"] [unique_id "aIfFhQ9nLjdPblA-25FX9wAAAAU"]
[Mon Jul 28 20:46:29.915800 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".inc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc"] [unique_id "aIfFhQ9nLjdPblA-25FX-wAAAAU"]
[Mon Jul 28 20:46:29.916121 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc"] [unique_id "aIfFhQ9nLjdPblA-25FX-wAAAAU"]
[Mon Jul 28 20:46:29.916308 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.inc"] [unique_id "aIfFhQ9nLjdPblA-25FX-wAAAAU"]
[Mon Jul 28 20:46:30.036330 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FX_wAAAAU"]
[Mon Jul 28 20:46:30.036702 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FX_wAAAAU"]
[Mon Jul 28 20:46:30.036870 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FX_wAAAAU"]
[Mon Jul 28 20:46:30.065767 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aIfFhg9nLjdPblA-25FYAAAAAAU"]
[Mon Jul 28 20:46:30.066066 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aIfFhg9nLjdPblA-25FYAAAAAAU"]
[Mon Jul 28 20:46:30.066291 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.php.old"] [unique_id "aIfFhg9nLjdPblA-25FYAAAAAAU"]
[Mon Jul 28 20:46:30.125612 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIfFhg9nLjdPblA-25FYAgAAAAU"]
[Mon Jul 28 20:46:30.125830 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIfFhg9nLjdPblA-25FYAgAAAAU"]
[Mon Jul 28 20:46:30.126013 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aIfFhg9nLjdPblA-25FYAgAAAAU"]
[Mon Jul 28 20:46:30.155168 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aIfFhg9nLjdPblA-25FYAwAAAAU"]
[Mon Jul 28 20:46:30.155372 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aIfFhg9nLjdPblA-25FYAwAAAAU"]
[Mon Jul 28 20:46:30.155527 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aIfFhg9nLjdPblA-25FYAwAAAAU"]
[Mon Jul 28 20:46:30.184643 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aIfFhg9nLjdPblA-25FYBAAAAAU"]
[Mon Jul 28 20:46:30.184865 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aIfFhg9nLjdPblA-25FYBAAAAAU"]
[Mon Jul 28 20:46:30.185037 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aIfFhg9nLjdPblA-25FYBAAAAAU"]
[Mon Jul 28 20:46:30.289593 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php.log"] [unique_id "aIfFhg9nLjdPblA-25FYBwAAAAU"]
[Mon Jul 28 20:46:30.289901 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php.log"] [unique_id "aIfFhg9nLjdPblA-25FYBwAAAAU"]
[Mon Jul 28 20:46:30.290074 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php.log"] [unique_id "aIfFhg9nLjdPblA-25FYBwAAAAU"]
[Mon Jul 28 20:46:30.319065 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/build.log"] [unique_id "aIfFhg9nLjdPblA-25FYCAAAAAU"]
[Mon Jul 28 20:46:30.319381 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/build.log"] [unique_id "aIfFhg9nLjdPblA-25FYCAAAAAU"]
[Mon Jul 28 20:46:30.319568 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/build.log"] [unique_id "aIfFhg9nLjdPblA-25FYCAAAAAU"]
[Mon Jul 28 20:46:30.741578 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/service.pwd"] [unique_id "aIfFhg9nLjdPblA-25FYFgAAAAU"]
[Mon Jul 28 20:46:30.741909 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/service.pwd"] [unique_id "aIfFhg9nLjdPblA-25FYFgAAAAU"]
[Mon Jul 28 20:46:30.742078 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/service.pwd"] [unique_id "aIfFhg9nLjdPblA-25FYFgAAAAU"]
[Mon Jul 28 20:46:30.831185 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGQAAAAU"]
[Mon Jul 28 20:46:30.831499 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGQAAAAU"]
[Mon Jul 28 20:46:30.831671 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGQAAAAU"]
[Mon Jul 28 20:46:30.860701 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGgAAAAU"]
[Mon Jul 28 20:46:30.860842 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGgAAAAU"]
[Mon Jul 28 20:46:30.861040 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGgAAAAU"]
[Mon Jul 28 20:46:30.861216 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml.bak"] [unique_id "aIfFhg9nLjdPblA-25FYGgAAAAU"]
[Mon Jul 28 20:46:30.890192 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIfFhg9nLjdPblA-25FYGwAAAAU"]
[Mon Jul 28 20:46:30.890539 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIfFhg9nLjdPblA-25FYGwAAAAU"]
[Mon Jul 28 20:46:30.890722 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aIfFhg9nLjdPblA-25FYGwAAAAU"]
[Mon Jul 28 20:46:30.919820 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHAAAAAU"]
[Mon Jul 28 20:46:30.920139 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHAAAAAU"]
[Mon Jul 28 20:46:30.920316 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mysql.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHAAAAAU"]
[Mon Jul 28 20:46:30.949471 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHQAAAAU"]
[Mon Jul 28 20:46:30.949797 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHQAAAAU"]
[Mon Jul 28 20:46:30.949978 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHQAAAAU"]
[Mon Jul 28 20:46:30.979171 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHgAAAAU"]
[Mon Jul 28 20:46:30.979488 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHgAAAAU"]
[Mon Jul 28 20:46:30.979671 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site.sql"] [unique_id "aIfFhg9nLjdPblA-25FYHgAAAAU"]
[Mon Jul 28 20:46:31.008714 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress.sql"] [unique_id "aIfFhw9nLjdPblA-25FYHwAAAAU"]
[Mon Jul 28 20:46:31.009037 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress.sql"] [unique_id "aIfFhw9nLjdPblA-25FYHwAAAAU"]
[Mon Jul 28 20:46:31.009216 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress.sql"] [unique_id "aIfFhw9nLjdPblA-25FYHwAAAAU"]
[Mon Jul 28 20:46:31.038157 2025] [authz_core:error] [pid 1530492] [client 185.177.72.201:44428] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Jul 28 20:46:31.097499 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "parameters.yml" at ARGS:file. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "96"] [id "930120"] [msg "OS File Access Attempt"] [data "Matched Data: parameters.yml found within ARGS:file: app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIfFhw9nLjdPblA-25FYIgAAAAU"]
[Mon Jul 28 20:46:31.097929 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIfFhw9nLjdPblA-25FYIgAAAAU"]
[Mon Jul 28 20:46:31.098128 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app_dev.php/_profiler/open"] [unique_id "aIfFhw9nLjdPblA-25FYIgAAAAU"]
[Mon Jul 28 20:46:31.127126 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aIfFhw9nLjdPblA-25FYIwAAAAU"]
[Mon Jul 28 20:46:31.127439 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aIfFhw9nLjdPblA-25FYIwAAAAU"]
[Mon Jul 28 20:46:31.127626 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-private.key"] [unique_id "aIfFhw9nLjdPblA-25FYIwAAAAU"]
[Mon Jul 28 20:46:31.156714 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aIfFhw9nLjdPblA-25FYJAAAAAU"]
[Mon Jul 28 20:46:31.157044 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aIfFhw9nLjdPblA-25FYJAAAAAU"]
[Mon Jul 28 20:46:31.157241 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/oauth-public.key"] [unique_id "aIfFhw9nLjdPblA-25FYJAAAAAU"]
[Mon Jul 28 20:46:31.186239 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/stack.log"] [unique_id "aIfFhw9nLjdPblA-25FYJQAAAAU"]
[Mon Jul 28 20:46:31.187267 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/stack.log"] [unique_id "aIfFhw9nLjdPblA-25FYJQAAAAU"]
[Mon Jul 28 20:46:31.187465 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/stack.log"] [unique_id "aIfFhw9nLjdPblA-25FYJQAAAAU"]
[Mon Jul 28 20:46:31.216535 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/debug.log"] [unique_id "aIfFhw9nLjdPblA-25FYJgAAAAU"]
[Mon Jul 28 20:46:31.216868 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/debug.log"] [unique_id "aIfFhw9nLjdPblA-25FYJgAAAAU"]
[Mon Jul 28 20:46:31.217043 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/debug.log"] [unique_id "aIfFhw9nLjdPblA-25FYJgAAAAU"]
[Mon Jul 28 20:46:31.863119 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.example"] [unique_id "aIfFhw9nLjdPblA-25FYOgAAAAU"]
[Mon Jul 28 20:46:31.863328 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.example"] [unique_id "aIfFhw9nLjdPblA-25FYOgAAAAU"]
[Mon Jul 28 20:46:31.863549 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.example"] [unique_id "aIfFhw9nLjdPblA-25FYOgAAAAU"]
[Mon Jul 28 20:46:31.982366 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aIfFhw9nLjdPblA-25FYPgAAAAU"]
[Mon Jul 28 20:46:31.982682 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aIfFhw9nLjdPblA-25FYPgAAAAU"]
[Mon Jul 28 20:46:31.982859 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aIfFhw9nLjdPblA-25FYPgAAAAU"]
[Mon Jul 28 20:46:32.012133 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aIfFiA9nLjdPblA-25FYPwAAAAU"]
[Mon Jul 28 20:46:32.012458 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aIfFiA9nLjdPblA-25FYPwAAAAU"]
[Mon Jul 28 20:46:32.012646 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aIfFiA9nLjdPblA-25FYPwAAAAU"]
[Mon Jul 28 20:46:32.041827 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/export.sql"] [unique_id "aIfFiA9nLjdPblA-25FYQAAAAAU"]
[Mon Jul 28 20:46:32.042154 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/export.sql"] [unique_id "aIfFiA9nLjdPblA-25FYQAAAAAU"]
[Mon Jul 28 20:46:32.042314 2025] [:error] [pid 1530492] [client 185.177.72.201:44428] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/export.sql"] [unique_id "aIfFiA9nLjdPblA-25FYQAAAAAU"]
[Mon Jul 28 20:46:32.639514 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aIfFiFcqnrybmcpdiyhj2gAAAAc"]
[Mon Jul 28 20:46:32.639865 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aIfFiFcqnrybmcpdiyhj2gAAAAc"]
[Mon Jul 28 20:46:32.640104 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aIfFiFcqnrybmcpdiyhj2gAAAAc"]
[Mon Jul 28 20:46:32.686604 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aIfFiFcqnrybmcpdiyhj3AAAAAc"]
[Mon Jul 28 20:46:32.686850 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aIfFiFcqnrybmcpdiyhj3AAAAAc"]
[Mon Jul 28 20:46:32.687047 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aIfFiFcqnrybmcpdiyhj3AAAAAc"]
[Mon Jul 28 20:46:32.830084 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.bak"] [unique_id "aIfFiFcqnrybmcpdiyhj4gAAAAc"]
[Mon Jul 28 20:46:32.830450 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.bak"] [unique_id "aIfFiFcqnrybmcpdiyhj4gAAAAc"]
[Mon Jul 28 20:46:32.830654 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/config.bak"] [unique_id "aIfFiFcqnrybmcpdiyhj4gAAAAc"]
[Mon Jul 28 20:46:32.901204 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wordpress/wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "aIfFiFcqnrybmcpdiyhj5QAAAAc"]
[Mon Jul 28 20:46:32.901441 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "aIfFiFcqnrybmcpdiyhj5QAAAAc"]
[Mon Jul 28 20:46:32.901631 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/wp-config.php"] [unique_id "aIfFiFcqnrybmcpdiyhj5QAAAAc"]
[Mon Jul 28 20:46:32.947951 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aIfFiFcqnrybmcpdiyhj5wAAAAc"]
[Mon Jul 28 20:46:32.948177 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aIfFiFcqnrybmcpdiyhj5wAAAAc"]
[Mon Jul 28 20:46:32.948367 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aIfFiFcqnrybmcpdiyhj5wAAAAc"]
[Mon Jul 28 20:46:32.970958 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aIfFiFcqnrybmcpdiyhj6AAAAAc"]
[Mon Jul 28 20:46:32.971178 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aIfFiFcqnrybmcpdiyhj6AAAAAc"]
[Mon Jul 28 20:46:32.971384 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aIfFiFcqnrybmcpdiyhj6AAAAAc"]
[Mon Jul 28 20:46:32.994035 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.hg/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.hg/ found within REQUEST_FILENAME: /.hg/hgrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aIfFiFcqnrybmcpdiyhj6QAAAAc"]
[Mon Jul 28 20:46:32.994252 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aIfFiFcqnrybmcpdiyhj6QAAAAc"]
[Mon Jul 28 20:46:32.994439 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.hg/hgrc"] [unique_id "aIfFiFcqnrybmcpdiyhj6QAAAAc"]
[Mon Jul 28 20:46:33.016999 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIfFiVcqnrybmcpdiyhj6gAAAAc"]
[Mon Jul 28 20:46:33.017216 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIfFiVcqnrybmcpdiyhj6gAAAAc"]
[Mon Jul 28 20:46:33.017400 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aIfFiVcqnrybmcpdiyhj6gAAAAc"]
[Mon Jul 28 20:46:33.039751 2025] [authz_core:error] [pid 1533944] [client 185.177.72.201:61026] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htpasswd
[Mon Jul 28 20:46:33.062757 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aIfFiVcqnrybmcpdiyhj7AAAAAc"]
[Mon Jul 28 20:46:33.062990 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aIfFiVcqnrybmcpdiyhj7AAAAAc"]
[Mon Jul 28 20:46:33.063161 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aIfFiVcqnrybmcpdiyhj7AAAAAc"]
[Mon Jul 28 20:46:33.085801 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase ".bashrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bashrc found within REQUEST_FILENAME: /.bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aIfFiVcqnrybmcpdiyhj7QAAAAc"]
[Mon Jul 28 20:46:33.086042 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aIfFiVcqnrybmcpdiyhj7QAAAAc"]
[Mon Jul 28 20:46:33.086214 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aIfFiVcqnrybmcpdiyhj7QAAAAc"]
[Mon Jul 28 20:46:33.181028 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8QAAAAc"]
[Mon Jul 28 20:46:33.181357 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8QAAAAc"]
[Mon Jul 28 20:46:33.181542 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8QAAAAc"]
[Mon Jul 28 20:46:33.203870 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8gAAAAc"]
[Mon Jul 28 20:46:33.204185 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8gAAAAc"]
[Mon Jul 28 20:46:33.204359 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ssl.key"] [unique_id "aIfFiVcqnrybmcpdiyhj8gAAAAc"]
[Mon Jul 28 20:46:33.273922 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/selfsigned.key"] [unique_id "aIfFiVcqnrybmcpdiyhj9QAAAAc"]
[Mon Jul 28 20:46:33.274265 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/selfsigned.key"] [unique_id "aIfFiVcqnrybmcpdiyhj9QAAAAc"]
[Mon Jul 28 20:46:33.274483 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/selfsigned.key"] [unique_id "aIfFiVcqnrybmcpdiyhj9QAAAAc"]
[Mon Jul 28 20:46:33.296881 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9gAAAAc"]
[Mon Jul 28 20:46:33.297176 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9gAAAAc"]
[Mon Jul 28 20:46:33.297340 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9gAAAAc"]
[Mon Jul 28 20:46:33.320738 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/httpd.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9wAAAAc"]
[Mon Jul 28 20:46:33.321095 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/httpd.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9wAAAAc"]
[Mon Jul 28 20:46:33.321297 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/httpd.conf"] [unique_id "aIfFiVcqnrybmcpdiyhj9wAAAAc"]
[Mon Jul 28 20:46:33.367376 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aIfFiVcqnrybmcpdiyhj-QAAAAc"]
[Mon Jul 28 20:46:33.367601 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aIfFiVcqnrybmcpdiyhj-QAAAAc"]
[Mon Jul 28 20:46:33.367790 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aIfFiVcqnrybmcpdiyhj-QAAAAc"]
[Mon Jul 28 20:46:33.526907 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhj_wAAAAc"]
[Mon Jul 28 20:46:33.527245 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhj_wAAAAc"]
[Mon Jul 28 20:46:33.527426 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhj_wAAAAc"]
[Mon Jul 28 20:46:33.647275 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhkBAAAAAc"]
[Mon Jul 28 20:46:33.647585 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhkBAAAAAc"]
[Mon Jul 28 20:46:33.647764 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/settings.ini"] [unique_id "aIfFiVcqnrybmcpdiyhkBAAAAAc"]
[Mon Jul 28 20:46:33.693666 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBgAAAAc"]
[Mon Jul 28 20:46:33.694008 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBgAAAAc"]
[Mon Jul 28 20:46:33.694185 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBgAAAAc"]
[Mon Jul 28 20:46:33.716627 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/sql.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBwAAAAc"]
[Mon Jul 28 20:46:33.716947 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/sql.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBwAAAAc"]
[Mon Jul 28 20:46:33.717134 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/sql.conf"] [unique_id "aIfFiVcqnrybmcpdiyhkBwAAAAc"]
[Mon Jul 28 20:46:33.739489 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aIfFiVcqnrybmcpdiyhkCAAAAAc"]
[Mon Jul 28 20:46:33.739635 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aIfFiVcqnrybmcpdiyhkCAAAAAc"]
[Mon Jul 28 20:46:33.739835 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aIfFiVcqnrybmcpdiyhkCAAAAAc"]
[Mon Jul 28 20:46:33.740009 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aIfFiVcqnrybmcpdiyhkCAAAAAc"]
[Mon Jul 28 20:46:33.833161 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/private/secret.key"] [unique_id "aIfFiVcqnrybmcpdiyhkDAAAAAc"]
[Mon Jul 28 20:46:33.833498 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/secret.key"] [unique_id "aIfFiVcqnrybmcpdiyhkDAAAAAc"]
[Mon Jul 28 20:46:33.833685 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/secret.key"] [unique_id "aIfFiVcqnrybmcpdiyhkDAAAAAc"]
[Mon Jul 28 20:46:33.973213 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.well-known/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.well-known/.env"] [unique_id "aIfFiVcqnrybmcpdiyhkEgAAAAc"]
[Mon Jul 28 20:46:33.973425 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.well-known/.env"] [unique_id "aIfFiVcqnrybmcpdiyhkEgAAAAc"]
[Mon Jul 28 20:46:33.973583 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.well-known/.env"] [unique_id "aIfFiVcqnrybmcpdiyhkEgAAAAc"]
[Mon Jul 28 20:46:34.129836 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.bak"] [unique_id "aIfFilcqnrybmcpdiyhkGAAAAAc"]
[Mon Jul 28 20:46:34.130159 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.bak"] [unique_id "aIfFilcqnrybmcpdiyhkGAAAAAc"]
[Mon Jul 28 20:46:34.130370 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.bak"] [unique_id "aIfFilcqnrybmcpdiyhkGAAAAAc"]
[Mon Jul 28 20:46:34.765941 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sh"] [unique_id "aIfFilcqnrybmcpdiyhkMgAAAAc"]
[Mon Jul 28 20:46:34.766189 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sh"] [unique_id "aIfFilcqnrybmcpdiyhkMgAAAAc"]
[Mon Jul 28 20:46:34.766418 2025] [:error] [pid 1533944] [client 185.177.72.201:61026] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sh"] [unique_id "aIfFilcqnrybmcpdiyhkMgAAAAc"]
[Mon Jul 28 20:46:35.098884 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/install.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9gAAAAA"]
[Mon Jul 28 20:46:35.099222 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/install.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9gAAAAA"]
[Mon Jul 28 20:46:35.099407 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/install.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9gAAAAA"]
[Mon Jul 28 20:46:35.121762 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/update.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9wAAAAA"]
[Mon Jul 28 20:46:35.122115 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/update.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9wAAAAA"]
[Mon Jul 28 20:46:35.122286 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/update.sql"] [unique_id "aIfFi8c5NK034Azyi1-I9wAAAAA"]
[Mon Jul 28 20:46:35.144517 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/delete.sql"] [unique_id "aIfFi8c5NK034Azyi1-I-AAAAAA"]
[Mon Jul 28 20:46:35.144870 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/delete.sql"] [unique_id "aIfFi8c5NK034Azyi1-I-AAAAAA"]
[Mon Jul 28 20:46:35.145039 2025] [:error] [pid 1534264] [client 185.177.72.201:61040] [client 185.177.72.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/delete.sql"] [unique_id "aIfFi8c5NK034Azyi1-I-AAAAAA"]
[Wed Jul 30 07:14:41.251159 2025] [:error] [pid 1565747] [client 198.55.98.182:44966] [client 198.55.98.182] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aImqQU-7kYLRyZuY-tPGpwAAAAM"]
[Wed Jul 30 07:14:41.251422 2025] [:error] [pid 1565747] [client 198.55.98.182:44966] [client 198.55.98.182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aImqQU-7kYLRyZuY-tPGpwAAAAM"]
[Wed Jul 30 07:14:41.251581 2025] [:error] [pid 1565747] [client 198.55.98.182:44966] [client 198.55.98.182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aImqQU-7kYLRyZuY-tPGpwAAAAM"]
[Wed Jul 30 08:05:29.959242 2025] [:error] [pid 1565747] [client 198.55.98.182:60892] [client 198.55.98.182] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIm2KU-7kYLRyZuY-tPGqwAAAAM"]
[Wed Jul 30 08:05:29.959553 2025] [:error] [pid 1565747] [client 198.55.98.182:60892] [client 198.55.98.182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIm2KU-7kYLRyZuY-tPGqwAAAAM"]
[Wed Jul 30 08:05:29.959721 2025] [:error] [pid 1565747] [client 198.55.98.182:60892] [client 198.55.98.182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aIm2KU-7kYLRyZuY-tPGqwAAAAM"]
[Fri Aug 01 20:57:21.046732 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aI0OEXifoX1ev_wT9_6HCwAAAAg"]
[Fri Aug 01 20:57:21.048194 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aI0OEXifoX1ev_wT9_6HCwAAAAg"]
[Fri Aug 01 20:57:21.048379 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aI0OEXifoX1ev_wT9_6HCwAAAAg"]
[Fri Aug 01 20:57:21.070607 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI0OEXifoX1ev_wT9_6HDAAAAAg"]
[Fri Aug 01 20:57:21.070834 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI0OEXifoX1ev_wT9_6HDAAAAAg"]
[Fri Aug 01 20:57:21.070991 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI0OEXifoX1ev_wT9_6HDAAAAAg"]
[Fri Aug 01 20:57:21.093247 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDQAAAAg"]
[Fri Aug 01 20:57:21.093467 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDQAAAAg"]
[Fri Aug 01 20:57:21.093613 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDQAAAAg"]
[Fri Aug 01 20:57:21.116434 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aI0OEXifoX1ev_wT9_6HDgAAAAg"]
[Fri Aug 01 20:57:21.116638 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aI0OEXifoX1ev_wT9_6HDgAAAAg"]
[Fri Aug 01 20:57:21.116802 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aI0OEXifoX1ev_wT9_6HDgAAAAg"]
[Fri Aug 01 20:57:21.140050 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDwAAAAg"]
[Fri Aug 01 20:57:21.140232 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDwAAAAg"]
[Fri Aug 01 20:57:21.140377 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HDwAAAAg"]
[Fri Aug 01 20:57:21.162438 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEAAAAAg"]
[Fri Aug 01 20:57:21.162627 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEAAAAAg"]
[Fri Aug 01 20:57:21.162775 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEAAAAAg"]
[Fri Aug 01 20:57:21.184848 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEQAAAAg"]
[Fri Aug 01 20:57:21.185037 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEQAAAAg"]
[Fri Aug 01 20:57:21.185199 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEQAAAAg"]
[Fri Aug 01 20:57:21.207184 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEgAAAAg"]
[Fri Aug 01 20:57:21.207366 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEgAAAAg"]
[Fri Aug 01 20:57:21.207565 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "aI0OEXifoX1ev_wT9_6HEgAAAAg"]
[Fri Aug 01 20:57:21.229800 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEwAAAAg"]
[Fri Aug 01 20:57:21.229971 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEwAAAAg"]
[Fri Aug 01 20:57:21.230118 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "aI0OEXifoX1ev_wT9_6HEwAAAAg"]
[Fri Aug 01 20:57:21.252139 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/"] [unique_id "aI0OEXifoX1ev_wT9_6HFAAAAAg"]
[Fri Aug 01 20:57:21.252321 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/"] [unique_id "aI0OEXifoX1ev_wT9_6HFAAAAAg"]
[Fri Aug 01 20:57:21.252477 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/"] [unique_id "aI0OEXifoX1ev_wT9_6HFAAAAAg"]
[Fri Aug 01 20:57:21.274735 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aI0OEXifoX1ev_wT9_6HFQAAAAg"]
[Fri Aug 01 20:57:21.274924 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aI0OEXifoX1ev_wT9_6HFQAAAAg"]
[Fri Aug 01 20:57:21.275087 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aI0OEXifoX1ev_wT9_6HFQAAAAg"]
[Fri Aug 01 20:57:21.296996 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HFgAAAAg"]
[Fri Aug 01 20:57:21.297195 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HFgAAAAg"]
[Fri Aug 01 20:57:21.297382 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aI0OEXifoX1ev_wT9_6HFgAAAAg"]
[Fri Aug 01 20:57:21.319473 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HFwAAAAg"]
[Fri Aug 01 20:57:21.319664 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HFwAAAAg"]
[Fri Aug 01 20:57:21.319827 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aI0OEXifoX1ev_wT9_6HFwAAAAg"]
[Fri Aug 01 20:57:21.341819 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HGAAAAAg"]
[Fri Aug 01 20:57:21.342006 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HGAAAAAg"]
[Fri Aug 01 20:57:21.342171 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HGAAAAAg"]
[Fri Aug 01 20:57:21.364413 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aI0OEXifoX1ev_wT9_6HGQAAAAg"]
[Fri Aug 01 20:57:21.364629 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aI0OEXifoX1ev_wT9_6HGQAAAAg"]
[Fri Aug 01 20:57:21.364803 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aI0OEXifoX1ev_wT9_6HGQAAAAg"]
[Fri Aug 01 20:57:21.386934 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aI0OEXifoX1ev_wT9_6HGgAAAAg"]
[Fri Aug 01 20:57:21.387155 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aI0OEXifoX1ev_wT9_6HGgAAAAg"]
[Fri Aug 01 20:57:21.387311 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aI0OEXifoX1ev_wT9_6HGgAAAAg"]
[Fri Aug 01 20:57:21.409357 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aI0OEXifoX1ev_wT9_6HGwAAAAg"]
[Fri Aug 01 20:57:21.409573 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aI0OEXifoX1ev_wT9_6HGwAAAAg"]
[Fri Aug 01 20:57:21.409738 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aI0OEXifoX1ev_wT9_6HGwAAAAg"]
[Fri Aug 01 20:57:21.431858 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aI0OEXifoX1ev_wT9_6HHAAAAAg"]
[Fri Aug 01 20:57:21.432054 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aI0OEXifoX1ev_wT9_6HHAAAAAg"]
[Fri Aug 01 20:57:21.432215 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aI0OEXifoX1ev_wT9_6HHAAAAAg"]
[Fri Aug 01 20:57:21.454546 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHQAAAAg"]
[Fri Aug 01 20:57:21.454740 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHQAAAAg"]
[Fri Aug 01 20:57:21.454910 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHQAAAAg"]
[Fri Aug 01 20:57:21.477315 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHgAAAAg"]
[Fri Aug 01 20:57:21.477495 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHgAAAAg"]
[Fri Aug 01 20:57:21.477645 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aI0OEXifoX1ev_wT9_6HHgAAAAg"]
[Fri Aug 01 20:57:21.968140 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aI0OEXifoX1ev_wT9_6HKQAAAAg"]
[Fri Aug 01 20:57:21.968360 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aI0OEXifoX1ev_wT9_6HKQAAAAg"]
[Fri Aug 01 20:57:21.968520 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aI0OEXifoX1ev_wT9_6HKQAAAAg"]
[Fri Aug 01 20:57:22.105676 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aI0OEnifoX1ev_wT9_6HLwAAAAg"]
[Fri Aug 01 20:57:22.105882 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aI0OEnifoX1ev_wT9_6HLwAAAAg"]
[Fri Aug 01 20:57:22.106053 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aI0OEnifoX1ev_wT9_6HLwAAAAg"]
[Fri Aug 01 20:57:22.128141 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aI0OEnifoX1ev_wT9_6HMAAAAAg"]
[Fri Aug 01 20:57:22.128341 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aI0OEnifoX1ev_wT9_6HMAAAAAg"]
[Fri Aug 01 20:57:22.128520 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aI0OEnifoX1ev_wT9_6HMAAAAAg"]
[Fri Aug 01 20:57:22.150629 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aI0OEnifoX1ev_wT9_6HMQAAAAg"]
[Fri Aug 01 20:57:22.150821 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aI0OEnifoX1ev_wT9_6HMQAAAAg"]
[Fri Aug 01 20:57:22.150997 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aI0OEnifoX1ev_wT9_6HMQAAAAg"]
[Fri Aug 01 20:57:22.173086 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aI0OEnifoX1ev_wT9_6HMgAAAAg"]
[Fri Aug 01 20:57:22.173294 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aI0OEnifoX1ev_wT9_6HMgAAAAg"]
[Fri Aug 01 20:57:22.173463 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aI0OEnifoX1ev_wT9_6HMgAAAAg"]
[Fri Aug 01 20:57:22.195473 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aI0OEnifoX1ev_wT9_6HMwAAAAg"]
[Fri Aug 01 20:57:22.195655 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aI0OEnifoX1ev_wT9_6HMwAAAAg"]
[Fri Aug 01 20:57:22.195822 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aI0OEnifoX1ev_wT9_6HMwAAAAg"]
[Fri Aug 01 20:57:22.217848 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aI0OEnifoX1ev_wT9_6HNAAAAAg"]
[Fri Aug 01 20:57:22.218047 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aI0OEnifoX1ev_wT9_6HNAAAAAg"]
[Fri Aug 01 20:57:22.218213 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aI0OEnifoX1ev_wT9_6HNAAAAAg"]
[Fri Aug 01 20:57:22.377397 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aI0OEnifoX1ev_wT9_6HOwAAAAg"]
[Fri Aug 01 20:57:22.377601 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aI0OEnifoX1ev_wT9_6HOwAAAAg"]
[Fri Aug 01 20:57:22.377765 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aI0OEnifoX1ev_wT9_6HOwAAAAg"]
[Fri Aug 01 20:57:22.402538 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/package.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package.json found within REQUEST_FILENAME: /package.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPAAAAAg"]
[Fri Aug 01 20:57:22.402718 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPAAAAAg"]
[Fri Aug 01 20:57:22.402867 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPAAAAAg"]
[Fri Aug 01 20:57:22.424912 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPQAAAAg"]
[Fri Aug 01 20:57:22.425090 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPQAAAAg"]
[Fri Aug 01 20:57:22.425243 2025] [:error] [pid 1621734] [client 185.177.72.16:9684] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aI0OEnifoX1ev_wT9_6HPQAAAAg"]
[Fri Aug 01 20:57:25.631131 2025] [authz_core:error] [pid 1621765] [client 185.177.72.16:45464] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Fri Aug 01 20:57:25.651253 2025] [authz_core:error] [pid 1621765] [client 185.177.72.16:45464] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htpasswd
[Fri Aug 01 20:57:25.671569 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aI0OFf8CICd_KOc8Qdly2wAAAAM"]
[Fri Aug 01 20:57:25.671710 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aI0OFf8CICd_KOc8Qdly2wAAAAM"]
[Fri Aug 01 20:57:25.671951 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aI0OFf8CICd_KOc8Qdly2wAAAAM"]
[Fri Aug 01 20:57:25.672100 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aI0OFf8CICd_KOc8Qdly2wAAAAM"]
[Fri Aug 01 20:57:25.755157 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".bash_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_history found within REQUEST_FILENAME: /.bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aI0OFf8CICd_KOc8Qdly3wAAAAM"]
[Fri Aug 01 20:57:25.755356 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aI0OFf8CICd_KOc8Qdly3wAAAAM"]
[Fri Aug 01 20:57:25.755510 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_history"] [unique_id "aI0OFf8CICd_KOc8Qdly3wAAAAM"]
[Fri Aug 01 20:57:25.775556 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".zsh_history" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .zsh_history found within REQUEST_FILENAME: /.zsh_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aI0OFf8CICd_KOc8Qdly4AAAAAM"]
[Fri Aug 01 20:57:25.775777 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aI0OFf8CICd_KOc8Qdly4AAAAAM"]
[Fri Aug 01 20:57:25.775954 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.zsh_history"] [unique_id "aI0OFf8CICd_KOc8Qdly4AAAAAM"]
[Fri Aug 01 20:57:25.880091 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".ssh/authorized_keys" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/authorized_keys found within REQUEST_FILENAME: /.ssh/authorized_keys"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aI0OFf8CICd_KOc8Qdly5QAAAAM"]
[Fri Aug 01 20:57:25.880280 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aI0OFf8CICd_KOc8Qdly5QAAAAM"]
[Fri Aug 01 20:57:25.880430 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/authorized_keys"] [unique_id "aI0OFf8CICd_KOc8Qdly5QAAAAM"]
[Fri Aug 01 20:57:25.900573 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".ssh/known_hosts" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/known_hosts found within REQUEST_FILENAME: /.ssh/known_hosts"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aI0OFf8CICd_KOc8Qdly5gAAAAM"]
[Fri Aug 01 20:57:25.900766 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aI0OFf8CICd_KOc8Qdly5gAAAAM"]
[Fri Aug 01 20:57:25.900959 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/known_hosts"] [unique_id "aI0OFf8CICd_KOc8Qdly5gAAAAM"]
[Fri Aug 01 20:57:25.920902 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aI0OFf8CICd_KOc8Qdly5wAAAAM"]
[Fri Aug 01 20:57:25.921097 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aI0OFf8CICd_KOc8Qdly5wAAAAM"]
[Fri Aug 01 20:57:25.921674 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/"] [unique_id "aI0OFf8CICd_KOc8Qdly5wAAAAM"]
[Fri Aug 01 20:57:25.941611 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/entries"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aI0OFf8CICd_KOc8Qdly6AAAAAM"]
[Fri Aug 01 20:57:25.941790 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aI0OFf8CICd_KOc8Qdly6AAAAAM"]
[Fri Aug 01 20:57:25.941976 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/entries"] [unique_id "aI0OFf8CICd_KOc8Qdly6AAAAAM"]
[Fri Aug 01 20:57:25.982895 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aI0OFf8CICd_KOc8Qdly6gAAAAM"]
[Fri Aug 01 20:57:25.983074 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aI0OFf8CICd_KOc8Qdly6gAAAAM"]
[Fri Aug 01 20:57:25.983239 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aI0OFf8CICd_KOc8Qdly6gAAAAM"]
[Fri Aug 01 20:57:26.150619 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible.cfg"] [unique_id "aI0OFv8CICd_KOc8Qdly8gAAAAM"]
[Fri Aug 01 20:57:26.150886 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible.cfg"] [unique_id "aI0OFv8CICd_KOc8Qdly8gAAAAM"]
[Fri Aug 01 20:57:26.151061 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible.cfg"] [unique_id "aI0OFv8CICd_KOc8Qdly8gAAAAM"]
[Fri Aug 01 20:57:26.171115 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/inventory.ini"] [unique_id "aI0OFv8CICd_KOc8Qdly8wAAAAM"]
[Fri Aug 01 20:57:26.171379 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/inventory.ini"] [unique_id "aI0OFv8CICd_KOc8Qdly8wAAAAM"]
[Fri Aug 01 20:57:26.171520 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/inventory.ini"] [unique_id "aI0OFv8CICd_KOc8Qdly8wAAAAM"]
[Fri Aug 01 20:57:26.191779 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aI0OFv8CICd_KOc8Qdly9AAAAAM"]
[Fri Aug 01 20:57:26.191956 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aI0OFv8CICd_KOc8Qdly9AAAAAM"]
[Fri Aug 01 20:57:26.192123 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aI0OFv8CICd_KOc8Qdly9AAAAAM"]
[Fri Aug 01 20:57:26.418394 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aI0OFv8CICd_KOc8Qdly9QAAAAM"]
[Fri Aug 01 20:57:26.418636 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aI0OFv8CICd_KOc8Qdly9QAAAAM"]
[Fri Aug 01 20:57:26.418826 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aI0OFv8CICd_KOc8Qdly9QAAAAM"]
[Fri Aug 01 20:57:26.462559 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".boto" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .boto found within REQUEST_FILENAME: /.boto"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aI0OFv8CICd_KOc8Qdly9wAAAAM"]
[Fri Aug 01 20:57:26.462780 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aI0OFv8CICd_KOc8Qdly9wAAAAM"]
[Fri Aug 01 20:57:26.462940 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.boto"] [unique_id "aI0OFv8CICd_KOc8Qdly9wAAAAM"]
[Fri Aug 01 20:57:26.504709 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".travis.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .travis.yml found within REQUEST_FILENAME: /.travis.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aI0OFv8CICd_KOc8Qdly-QAAAAM"]
[Fri Aug 01 20:57:26.504967 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aI0OFv8CICd_KOc8Qdly-QAAAAM"]
[Fri Aug 01 20:57:26.505168 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.travis.yml"] [unique_id "aI0OFv8CICd_KOc8Qdly-QAAAAM"]
[Fri Aug 01 20:57:26.715195 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzAwAAAAM"]
[Fri Aug 01 20:57:26.715381 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzAwAAAAM"]
[Fri Aug 01 20:57:26.715531 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzAwAAAAM"]
[Fri Aug 01 20:57:26.735458 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzBAAAAAM"]
[Fri Aug 01 20:57:26.735638 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzBAAAAAM"]
[Fri Aug 01 20:57:26.735814 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aI0OFv8CICd_KOc8QdlzBAAAAAM"]
[Fri Aug 01 20:57:26.777006 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aI0OFv8CICd_KOc8QdlzBgAAAAM"]
[Fri Aug 01 20:57:26.777194 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aI0OFv8CICd_KOc8QdlzBgAAAAM"]
[Fri Aug 01 20:57:26.777357 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aI0OFv8CICd_KOc8QdlzBgAAAAM"]
[Fri Aug 01 20:57:26.819177 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aI0OFv8CICd_KOc8QdlzCAAAAAM"]
[Fri Aug 01 20:57:26.819452 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aI0OFv8CICd_KOc8QdlzCAAAAAM"]
[Fri Aug 01 20:57:26.819648 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aI0OFv8CICd_KOc8QdlzCAAAAAM"]
[Fri Aug 01 20:57:26.902167 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".my.cnf" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .my.cnf found within REQUEST_FILENAME: /.my.cnf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.my.cnf"] [unique_id "aI0OFv8CICd_KOc8QdlzDAAAAAM"]
[Fri Aug 01 20:57:26.902365 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.my.cnf"] [unique_id "aI0OFv8CICd_KOc8QdlzDAAAAAM"]
[Fri Aug 01 20:57:26.902530 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.my.cnf"] [unique_id "aI0OFv8CICd_KOc8QdlzDAAAAAM"]
[Fri Aug 01 20:57:26.943519 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".bash_profile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bash_profile found within REQUEST_FILENAME: /.bash_profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDgAAAAM"]
[Fri Aug 01 20:57:26.943714 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDgAAAAM"]
[Fri Aug 01 20:57:26.943889 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bash_profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDgAAAAM"]
[Fri Aug 01 20:57:26.963935 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".profile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .profile found within REQUEST_FILENAME: /.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDwAAAAM"]
[Fri Aug 01 20:57:26.964112 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDwAAAAM"]
[Fri Aug 01 20:57:26.964274 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.profile"] [unique_id "aI0OFv8CICd_KOc8QdlzDwAAAAM"]
[Fri Aug 01 20:57:26.984226 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".bashrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .bashrc found within REQUEST_FILENAME: /.bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aI0OFv8CICd_KOc8QdlzEAAAAAM"]
[Fri Aug 01 20:57:26.984410 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aI0OFv8CICd_KOc8QdlzEAAAAAM"]
[Fri Aug 01 20:57:26.984554 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.bashrc"] [unique_id "aI0OFv8CICd_KOc8QdlzEAAAAAM"]
[Fri Aug 01 20:57:27.004672 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".zshrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .zshrc found within REQUEST_FILENAME: /.zshrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.zshrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEQAAAAM"]
[Fri Aug 01 20:57:27.004861 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.zshrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEQAAAAM"]
[Fri Aug 01 20:57:27.005013 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.zshrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEQAAAAM"]
[Fri Aug 01 20:57:27.025177 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".vimrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .vimrc found within REQUEST_FILENAME: /.vimrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vimrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEgAAAAM"]
[Fri Aug 01 20:57:27.025398 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vimrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEgAAAAM"]
[Fri Aug 01 20:57:27.025564 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vimrc"] [unique_id "aI0OF_8CICd_KOc8QdlzEgAAAAM"]
[Fri Aug 01 20:57:27.045920 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".viminfo" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .viminfo found within REQUEST_FILENAME: /.viminfo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.viminfo"] [unique_id "aI0OF_8CICd_KOc8QdlzEwAAAAM"]
[Fri Aug 01 20:57:27.046139 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.viminfo"] [unique_id "aI0OF_8CICd_KOc8QdlzEwAAAAM"]
[Fri Aug 01 20:57:27.046323 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.viminfo"] [unique_id "aI0OF_8CICd_KOc8QdlzEwAAAAM"]
[Fri Aug 01 20:57:27.129320 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aI0OF_8CICd_KOc8QdlzFwAAAAM"]
[Fri Aug 01 20:57:27.129616 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aI0OF_8CICd_KOc8QdlzFwAAAAM"]
[Fri Aug 01 20:57:27.129763 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aI0OF_8CICd_KOc8QdlzFwAAAAM"]
[Fri Aug 01 20:57:27.149947 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGAAAAAM"]
[Fri Aug 01 20:57:27.150251 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGAAAAAM"]
[Fri Aug 01 20:57:27.150432 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/access.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGAAAAAM"]
[Fri Aug 01 20:57:27.170582 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/sql.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGQAAAAM"]
[Fri Aug 01 20:57:27.170906 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sql.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGQAAAAM"]
[Fri Aug 01 20:57:27.171063 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sql.log"] [unique_id "aI0OF_8CICd_KOc8QdlzGQAAAAM"]
[Fri Aug 01 20:57:27.191166 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGgAAAAM"]
[Fri Aug 01 20:57:27.191470 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGgAAAAM"]
[Fri Aug 01 20:57:27.191630 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGgAAAAM"]
[Fri Aug 01 20:57:27.211890 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGwAAAAM"]
[Fri Aug 01 20:57:27.212194 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGwAAAAM"]
[Fri Aug 01 20:57:27.212380 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aI0OF_8CICd_KOc8QdlzGwAAAAM"]
[Fri Aug 01 20:57:27.275185 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".mdb"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/data.mdb"] [unique_id "aI0OF_8CICd_KOc8QdlzHgAAAAM"]
[Fri Aug 01 20:57:27.275521 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data.mdb"] [unique_id "aI0OF_8CICd_KOc8QdlzHgAAAAM"]
[Fri Aug 01 20:57:27.275698 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data.mdb"] [unique_id "aI0OF_8CICd_KOc8QdlzHgAAAAM"]
[Fri Aug 01 20:57:27.295876 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aI0OF_8CICd_KOc8QdlzHwAAAAM"]
[Fri Aug 01 20:57:27.296201 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aI0OF_8CICd_KOc8QdlzHwAAAAM"]
[Fri Aug 01 20:57:27.296374 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private.key"] [unique_id "aI0OF_8CICd_KOc8QdlzHwAAAAM"]
[Fri Aug 01 20:57:27.316451 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aI0OF_8CICd_KOc8QdlzIAAAAAM"]
[Fri Aug 01 20:57:27.316775 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aI0OF_8CICd_KOc8QdlzIAAAAAM"]
[Fri Aug 01 20:57:27.316958 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aI0OF_8CICd_KOc8QdlzIAAAAAM"]
[Fri Aug 01 20:57:27.358269 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".netrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .netrc found within REQUEST_FILENAME: /.netrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aI0OF_8CICd_KOc8QdlzIgAAAAM"]
[Fri Aug 01 20:57:27.358522 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aI0OF_8CICd_KOc8QdlzIgAAAAM"]
[Fri Aug 01 20:57:27.358687 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aI0OF_8CICd_KOc8QdlzIgAAAAM"]
[Fri Aug 01 20:57:27.612551 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/yarn.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /yarn.lock found within REQUEST_FILENAME: /yarn.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzLgAAAAM"]
[Fri Aug 01 20:57:27.612735 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzLgAAAAM"]
[Fri Aug 01 20:57:27.612887 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/yarn.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzLgAAAAM"]
[Fri Aug 01 20:57:27.632839 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/package-lock.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /package-lock.json found within REQUEST_FILENAME: /package-lock.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aI0OF_8CICd_KOc8QdlzLwAAAAM"]
[Fri Aug 01 20:57:27.633016 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aI0OF_8CICd_KOc8QdlzLwAAAAM"]
[Fri Aug 01 20:57:27.633169 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/package-lock.json"] [unique_id "aI0OF_8CICd_KOc8QdlzLwAAAAM"]
[Fri Aug 01 20:57:27.653109 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzMAAAAAM"]
[Fri Aug 01 20:57:27.653291 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzMAAAAAM"]
[Fri Aug 01 20:57:27.653436 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.lock"] [unique_id "aI0OF_8CICd_KOc8QdlzMAAAAAM"]
[Fri Aug 01 20:57:27.736567 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/webpack.config.js" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /webpack.config.js found within REQUEST_FILENAME: /webpack.config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aI0OF_8CICd_KOc8QdlzNAAAAAM"]
[Fri Aug 01 20:57:27.736772 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aI0OF_8CICd_KOc8QdlzNAAAAAM"]
[Fri Aug 01 20:57:27.736963 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/webpack.config.js"] [unique_id "aI0OF_8CICd_KOc8QdlzNAAAAAM"]
[Fri Aug 01 20:57:27.819899 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".eslintrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .eslintrc found within REQUEST_FILENAME: /.eslintrc.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.js"] [unique_id "aI0OF_8CICd_KOc8QdlzOAAAAAM"]
[Fri Aug 01 20:57:27.820075 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.js"] [unique_id "aI0OF_8CICd_KOc8QdlzOAAAAAM"]
[Fri Aug 01 20:57:27.820220 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.js"] [unique_id "aI0OF_8CICd_KOc8QdlzOAAAAAM"]
[Fri Aug 01 20:57:27.840397 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".eslintrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .eslintrc found within REQUEST_FILENAME: /.eslintrc.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.json"] [unique_id "aI0OF_8CICd_KOc8QdlzOQAAAAM"]
[Fri Aug 01 20:57:27.840573 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.json"] [unique_id "aI0OF_8CICd_KOc8QdlzOQAAAAM"]
[Fri Aug 01 20:57:27.840718 2025] [:error] [pid 1621765] [client 185.177.72.16:45464] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.eslintrc.json"] [unique_id "aI0OF_8CICd_KOc8QdlzOQAAAAM"]
[Fri Aug 01 20:57:28.026629 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.user.ini"] [unique_id "aI0OGNXkfgsW0I3lNwh1agAAAAA"]
[Fri Aug 01 20:57:28.027015 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.user.ini"] [unique_id "aI0OGNXkfgsW0I3lNwh1agAAAAA"]
[Fri Aug 01 20:57:28.027192 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.user.ini"] [unique_id "aI0OGNXkfgsW0I3lNwh1agAAAAA"]
[Fri Aug 01 20:57:28.235601 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aI0OGNXkfgsW0I3lNwh1dAAAAAA"]
[Fri Aug 01 20:57:28.235909 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aI0OGNXkfgsW0I3lNwh1dAAAAAA"]
[Fri Aug 01 20:57:28.236095 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aI0OGNXkfgsW0I3lNwh1dAAAAAA"]
[Fri Aug 01 20:57:28.426886 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase ".idea" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .idea found within REQUEST_FILENAME: /.idea/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/"] [unique_id "aI0OGNXkfgsW0I3lNwh1fQAAAAA"]
[Fri Aug 01 20:57:28.427139 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/"] [unique_id "aI0OGNXkfgsW0I3lNwh1fQAAAAA"]
[Fri Aug 01 20:57:28.427430 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.idea/"] [unique_id "aI0OGNXkfgsW0I3lNwh1fQAAAAA"]
[Fri Aug 01 20:57:28.469791 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aI0OGNXkfgsW0I3lNwh1fwAAAAA"]
[Fri Aug 01 20:57:28.470105 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aI0OGNXkfgsW0I3lNwh1fwAAAAA"]
[Fri Aug 01 20:57:28.470359 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aI0OGNXkfgsW0I3lNwh1fwAAAAA"]
[Fri Aug 01 20:57:28.715434 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aI0OGNXkfgsW0I3lNwh1gAAAAAA"]
[Fri Aug 01 20:57:28.715833 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aI0OGNXkfgsW0I3lNwh1gAAAAAA"]
[Fri Aug 01 20:57:28.716060 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aI0OGNXkfgsW0I3lNwh1gAAAAAA"]
[Fri Aug 01 20:57:28.736191 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aI0OGNXkfgsW0I3lNwh1gQAAAAA"]
[Fri Aug 01 20:57:28.736408 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aI0OGNXkfgsW0I3lNwh1gQAAAAA"]
[Fri Aug 01 20:57:28.736589 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aI0OGNXkfgsW0I3lNwh1gQAAAAA"]
[Fri Aug 01 20:57:28.945675 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1iwAAAAA"]
[Fri Aug 01 20:57:28.945982 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1iwAAAAA"]
[Fri Aug 01 20:57:28.946217 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1iwAAAAA"]
[Fri Aug 01 20:57:28.966670 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1jAAAAAA"]
[Fri Aug 01 20:57:28.966864 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1jAAAAAA"]
[Fri Aug 01 20:57:28.967034 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aI0OGNXkfgsW0I3lNwh1jAAAAAA"]
[Fri Aug 01 20:57:28.987343 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/"] [unique_id "aI0OGNXkfgsW0I3lNwh1jQAAAAA"]
[Fri Aug 01 20:57:28.987530 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/"] [unique_id "aI0OGNXkfgsW0I3lNwh1jQAAAAA"]
[Fri Aug 01 20:57:28.987703 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/"] [unique_id "aI0OGNXkfgsW0I3lNwh1jQAAAAA"]
[Fri Aug 01 20:57:29.007636 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/info/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jgAAAAA"]
[Fri Aug 01 20:57:29.007827 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/info/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jgAAAAA"]
[Fri Aug 01 20:57:29.007989 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/info/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jgAAAAA"]
[Fri Aug 01 20:57:29.028012 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/pack/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jwAAAAA"]
[Fri Aug 01 20:57:29.028196 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/pack/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jwAAAAA"]
[Fri Aug 01 20:57:29.028353 2025] [:error] [pid 1621759] [client 185.177.72.16:45466] [client 185.177.72.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/pack/"] [unique_id "aI0OGdXkfgsW0I3lNwh1jwAAAAA"]
[Sun Aug 03 02:00:09.621545 2025] [:error] [pid 1662668] [client 167.99.237.180:43416] [client 167.99.237.180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6miU1mkfh3qMaCmpTuoQAAAAU"]
[Sun Aug 03 02:00:09.621835 2025] [:error] [pid 1662668] [client 167.99.237.180:43416] [client 167.99.237.180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6miU1mkfh3qMaCmpTuoQAAAAU"]
[Sun Aug 03 02:00:09.622003 2025] [:error] [pid 1662668] [client 167.99.237.180:43416] [client 167.99.237.180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aI6miU1mkfh3qMaCmpTuoQAAAAU"]
[Tue Aug 05 11:03:24.139874 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJHI3KwAMarSM4GUXkstfgAAAAI"]
[Tue Aug 05 11:03:24.141493 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJHI3KwAMarSM4GUXkstfgAAAAI"]
[Tue Aug 05 11:03:24.141656 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aJHI3KwAMarSM4GUXkstfgAAAAI"]
[Tue Aug 05 11:03:24.163852 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJHI3KwAMarSM4GUXkstfwAAAAI"]
[Tue Aug 05 11:03:24.164086 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJHI3KwAMarSM4GUXkstfwAAAAI"]
[Tue Aug 05 11:03:24.164281 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aJHI3KwAMarSM4GUXkstfwAAAAI"]
[Tue Aug 05 11:03:24.907838 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aJHI3KwAMarSM4GUXkstkgAAAAI"]
[Tue Aug 05 11:03:24.908149 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aJHI3KwAMarSM4GUXkstkgAAAAI"]
[Tue Aug 05 11:03:24.908314 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.backup/db.sql"] [unique_id "aJHI3KwAMarSM4GUXkstkgAAAAI"]
[Tue Aug 05 11:03:24.977109 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.cpanel/caches/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aJHI3KwAMarSM4GUXkstlQAAAAI"]
[Tue Aug 05 11:03:24.977378 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aJHI3KwAMarSM4GUXkstlQAAAAI"]
[Tue Aug 05 11:03:24.977559 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.cpanel/caches/config/.env"] [unique_id "aJHI3KwAMarSM4GUXkstlQAAAAI"]
[Tue Aug 05 11:03:25.022768 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJHI3awAMarSM4GUXkstlwAAAAI"]
[Tue Aug 05 11:03:25.022964 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJHI3awAMarSM4GUXkstlwAAAAI"]
[Tue Aug 05 11:03:25.023123 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJHI3awAMarSM4GUXkstlwAAAAI"]
[Tue Aug 05 11:03:25.045244 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJHI3awAMarSM4GUXkstmAAAAAI"]
[Tue Aug 05 11:03:25.045389 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJHI3awAMarSM4GUXkstmAAAAAI"]
[Tue Aug 05 11:03:25.045572 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJHI3awAMarSM4GUXkstmAAAAAI"]
[Tue Aug 05 11:03:25.045730 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aJHI3awAMarSM4GUXkstmAAAAAI"]
[Tue Aug 05 11:03:25.067806 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aJHI3awAMarSM4GUXkstmQAAAAI"]
[Tue Aug 05 11:03:25.067934 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aJHI3awAMarSM4GUXkstmQAAAAI"]
[Tue Aug 05 11:03:25.068123 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aJHI3awAMarSM4GUXkstmQAAAAI"]
[Tue Aug 05 11:03:25.068269 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aJHI3awAMarSM4GUXkstmQAAAAI"]
[Tue Aug 05 11:03:25.090467 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJHI3awAMarSM4GUXkstmgAAAAI"]
[Tue Aug 05 11:03:25.090634 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJHI3awAMarSM4GUXkstmgAAAAI"]
[Tue Aug 05 11:03:25.090789 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aJHI3awAMarSM4GUXkstmgAAAAI"]
[Tue Aug 05 11:03:25.112926 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aJHI3awAMarSM4GUXkstmwAAAAI"]
[Tue Aug 05 11:03:25.113107 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aJHI3awAMarSM4GUXkstmwAAAAI"]
[Tue Aug 05 11:03:25.113273 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.json"] [unique_id "aJHI3awAMarSM4GUXkstmwAAAAI"]
[Tue Aug 05 11:03:25.135544 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJHI3awAMarSM4GUXkstnAAAAAI"]
[Tue Aug 05 11:03:25.135733 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJHI3awAMarSM4GUXkstnAAAAAI"]
[Tue Aug 05 11:03:25.135917 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJHI3awAMarSM4GUXkstnAAAAAI"]
[Tue Aug 05 11:03:25.158218 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aJHI3awAMarSM4GUXkstnQAAAAI"]
[Tue Aug 05 11:03:25.158426 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aJHI3awAMarSM4GUXkstnQAAAAI"]
[Tue Aug 05 11:03:25.158598 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aJHI3awAMarSM4GUXkstnQAAAAI"]
[Tue Aug 05 11:03:25.180921 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aJHI3awAMarSM4GUXkstngAAAAI"]
[Tue Aug 05 11:03:25.181138 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aJHI3awAMarSM4GUXkstngAAAAI"]
[Tue Aug 05 11:03:25.181308 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.json"] [unique_id "aJHI3awAMarSM4GUXkstngAAAAI"]
[Tue Aug 05 11:03:25.203547 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJHI3awAMarSM4GUXkstnwAAAAI"]
[Tue Aug 05 11:03:25.203748 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJHI3awAMarSM4GUXkstnwAAAAI"]
[Tue Aug 05 11:03:25.203918 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJHI3awAMarSM4GUXkstnwAAAAI"]
[Tue Aug 05 11:03:25.299522 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aJHI3awAMarSM4GUXkstoAAAAAI"]
[Tue Aug 05 11:03:25.299748 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aJHI3awAMarSM4GUXkstoAAAAAI"]
[Tue Aug 05 11:03:25.299922 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local.json"] [unique_id "aJHI3awAMarSM4GUXkstoAAAAAI"]
[Tue Aug 05 11:03:25.324228 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJHI3awAMarSM4GUXkstoQAAAAI"]
[Tue Aug 05 11:03:25.324361 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJHI3awAMarSM4GUXkstoQAAAAI"]
[Tue Aug 05 11:03:25.324554 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJHI3awAMarSM4GUXkstoQAAAAI"]
[Tue Aug 05 11:03:25.324706 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aJHI3awAMarSM4GUXkstoQAAAAI"]
[Tue Aug 05 11:03:25.346916 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJHI3awAMarSM4GUXkstogAAAAI"]
[Tue Aug 05 11:03:25.347094 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJHI3awAMarSM4GUXkstogAAAAI"]
[Tue Aug 05 11:03:25.347250 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aJHI3awAMarSM4GUXkstogAAAAI"]
[Tue Aug 05 11:03:25.369482 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aJHI3awAMarSM4GUXkstowAAAAI"]
[Tue Aug 05 11:03:25.369646 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aJHI3awAMarSM4GUXkstowAAAAI"]
[Tue Aug 05 11:03:25.369794 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.json"] [unique_id "aJHI3awAMarSM4GUXkstowAAAAI"]
[Tue Aug 05 11:03:25.392579 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJHI3awAMarSM4GUXkstpAAAAAI"]
[Tue Aug 05 11:03:25.392738 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJHI3awAMarSM4GUXkstpAAAAAI"]
[Tue Aug 05 11:03:25.392881 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJHI3awAMarSM4GUXkstpAAAAAI"]
[Tue Aug 05 11:03:25.415516 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJHI3awAMarSM4GUXkstpQAAAAI"]
[Tue Aug 05 11:03:25.415704 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJHI3awAMarSM4GUXkstpQAAAAI"]
[Tue Aug 05 11:03:25.415866 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aJHI3awAMarSM4GUXkstpQAAAAI"]
[Tue Aug 05 11:03:25.438057 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJHI3awAMarSM4GUXkstpgAAAAI"]
[Tue Aug 05 11:03:25.438227 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJHI3awAMarSM4GUXkstpgAAAAI"]
[Tue Aug 05 11:03:25.438390 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aJHI3awAMarSM4GUXkstpgAAAAI"]
[Tue Aug 05 11:03:25.460447 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sendgrid"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aJHI3awAMarSM4GUXkstpwAAAAI"]
[Tue Aug 05 11:03:25.460605 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aJHI3awAMarSM4GUXkstpwAAAAI"]
[Tue Aug 05 11:03:25.460754 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sendgrid"] [unique_id "aJHI3awAMarSM4GUXkstpwAAAAI"]
[Tue Aug 05 11:03:25.482865 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.smtp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aJHI3awAMarSM4GUXkstqAAAAAI"]
[Tue Aug 05 11:03:25.483019 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aJHI3awAMarSM4GUXkstqAAAAAI"]
[Tue Aug 05 11:03:25.483159 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.smtp"] [unique_id "aJHI3awAMarSM4GUXkstqAAAAAI"]
[Tue Aug 05 11:03:25.505501 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJHI3awAMarSM4GUXkstqQAAAAI"]
[Tue Aug 05 11:03:25.505686 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJHI3awAMarSM4GUXkstqQAAAAI"]
[Tue Aug 05 11:03:25.505852 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aJHI3awAMarSM4GUXkstqQAAAAI"]
[Tue Aug 05 11:03:25.531140 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aJHI3awAMarSM4GUXkstqgAAAAI"]
[Tue Aug 05 11:03:25.531331 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aJHI3awAMarSM4GUXkstqgAAAAI"]
[Tue Aug 05 11:03:25.531498 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.json"] [unique_id "aJHI3awAMarSM4GUXkstqgAAAAI"]
[Tue Aug 05 11:03:25.579556 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aJHI3awAMarSM4GUXkstqwAAAAI"]
[Tue Aug 05 11:03:25.579756 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aJHI3awAMarSM4GUXkstqwAAAAI"]
[Tue Aug 05 11:03:25.579946 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.zip"] [unique_id "aJHI3awAMarSM4GUXkstqwAAAAI"]
[Tue Aug 05 11:03:25.602087 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJHI3awAMarSM4GUXkstrAAAAAI"]
[Tue Aug 05 11:03:25.602275 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJHI3awAMarSM4GUXkstrAAAAAI"]
[Tue Aug 05 11:03:25.602444 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aJHI3awAMarSM4GUXkstrAAAAAI"]
[Tue Aug 05 11:03:25.647783 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aJHI3awAMarSM4GUXkstrgAAAAI"]
[Tue Aug 05 11:03:25.647976 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aJHI3awAMarSM4GUXkstrgAAAAI"]
[Tue Aug 05 11:03:25.648142 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aJHI3awAMarSM4GUXkstrgAAAAI"]
[Tue Aug 05 11:03:25.670282 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aJHI3awAMarSM4GUXkstrwAAAAI"]
[Tue Aug 05 11:03:25.670497 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aJHI3awAMarSM4GUXkstrwAAAAI"]
[Tue Aug 05 11:03:25.670658 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/.env"] [unique_id "aJHI3awAMarSM4GUXkstrwAAAAI"]
[Tue Aug 05 11:03:25.692734 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aJHI3awAMarSM4GUXkstsAAAAAI"]
[Tue Aug 05 11:03:25.692905 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aJHI3awAMarSM4GUXkstsAAAAAI"]
[Tue Aug 05 11:03:25.693053 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "aJHI3awAMarSM4GUXkstsAAAAAI"]
[Tue Aug 05 11:03:25.715334 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsQAAAAI"]
[Tue Aug 05 11:03:25.715528 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsQAAAAI"]
[Tue Aug 05 11:03:25.715690 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/FETCH_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsQAAAAI"]
[Tue Aug 05 11:03:25.737964 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsgAAAAI"]
[Tue Aug 05 11:03:25.738205 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsgAAAAI"]
[Tue Aug 05 11:03:25.738419 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aJHI3awAMarSM4GUXkstsgAAAAI"]
[Tue Aug 05 11:03:25.760627 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstswAAAAI"]
[Tue Aug 05 11:03:25.760869 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstswAAAAI"]
[Tue Aug 05 11:03:25.761058 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/ORIG_HEAD"] [unique_id "aJHI3awAMarSM4GUXkstswAAAAI"]
[Tue Aug 05 11:03:25.783295 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aJHI3awAMarSM4GUXksttAAAAAI"]
[Tue Aug 05 11:03:25.783515 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aJHI3awAMarSM4GUXksttAAAAAI"]
[Tue Aug 05 11:03:25.783702 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/backup"] [unique_id "aJHI3awAMarSM4GUXksttAAAAAI"]
[Tue Aug 05 11:03:25.806147 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJHI3awAMarSM4GUXksttQAAAAI"]
[Tue Aug 05 11:03:25.806393 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJHI3awAMarSM4GUXksttQAAAAI"]
[Tue Aug 05 11:03:25.806561 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJHI3awAMarSM4GUXksttQAAAAI"]
[Tue Aug 05 11:03:25.828936 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aJHI3awAMarSM4GUXksttgAAAAI"]
[Tue Aug 05 11:03:25.829086 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aJHI3awAMarSM4GUXksttgAAAAI"]
[Tue Aug 05 11:03:25.829326 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aJHI3awAMarSM4GUXksttgAAAAI"]
[Tue Aug 05 11:03:25.829516 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.bak"] [unique_id "aJHI3awAMarSM4GUXksttgAAAAI"]
[Tue Aug 05 11:03:25.851863 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aJHI3awAMarSM4GUXksttwAAAAI"]
[Tue Aug 05 11:03:25.852022 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aJHI3awAMarSM4GUXksttwAAAAI"]
[Tue Aug 05 11:03:25.852249 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aJHI3awAMarSM4GUXksttwAAAAI"]
[Tue Aug 05 11:03:25.852444 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config.old"] [unique_id "aJHI3awAMarSM4GUXksttwAAAAI"]
[Tue Aug 05 11:03:25.874859 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aJHI3awAMarSM4GUXkstuAAAAAI"]
[Tue Aug 05 11:03:25.875108 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aJHI3awAMarSM4GUXkstuAAAAAI"]
[Tue Aug 05 11:03:25.875309 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config~"] [unique_id "aJHI3awAMarSM4GUXkstuAAAAAI"]
[Tue Aug 05 11:03:25.899083 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aJHI3awAMarSM4GUXkstuQAAAAI"]
[Tue Aug 05 11:03:25.899232 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/db.sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aJHI3awAMarSM4GUXkstuQAAAAI"]
[Tue Aug 05 11:03:25.899453 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aJHI3awAMarSM4GUXkstuQAAAAI"]
[Tue Aug 05 11:03:25.899638 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/db.sql"] [unique_id "aJHI3awAMarSM4GUXkstuQAAAAI"]
[Tue Aug 05 11:03:25.922023 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aJHI3awAMarSM4GUXkstugAAAAI"]
[Tue Aug 05 11:03:25.922266 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aJHI3awAMarSM4GUXkstugAAAAI"]
[Tue Aug 05 11:03:25.922468 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/description"] [unique_id "aJHI3awAMarSM4GUXkstugAAAAI"]
[Tue Aug 05 11:03:25.944768 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aJHI3awAMarSM4GUXkstuwAAAAI"]
[Tue Aug 05 11:03:25.944939 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/dump.sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aJHI3awAMarSM4GUXkstuwAAAAI"]
[Tue Aug 05 11:03:25.945162 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aJHI3awAMarSM4GUXkstuwAAAAI"]
[Tue Aug 05 11:03:25.945351 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/dump.sql"] [unique_id "aJHI3awAMarSM4GUXkstuwAAAAI"]
[Tue Aug 05 11:03:25.967680 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/execute.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aJHI3awAMarSM4GUXkstvAAAAAI"]
[Tue Aug 05 11:03:25.967883 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aJHI3awAMarSM4GUXkstvAAAAAI"]
[Tue Aug 05 11:03:25.968043 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/execute.php"] [unique_id "aJHI3awAMarSM4GUXkstvAAAAAI"]
[Tue Aug 05 11:03:25.990221 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aJHI3awAMarSM4GUXkstvQAAAAI"]
[Tue Aug 05 11:03:25.990441 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aJHI3awAMarSM4GUXkstvQAAAAI"]
[Tue Aug 05 11:03:25.990622 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/post-commit"] [unique_id "aJHI3awAMarSM4GUXkstvQAAAAI"]
[Tue Aug 05 11:03:26.012722 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aJHI3qwAMarSM4GUXkstvgAAAAI"]
[Tue Aug 05 11:03:26.012896 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aJHI3qwAMarSM4GUXkstvgAAAAI"]
[Tue Aug 05 11:03:26.013047 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-commit"] [unique_id "aJHI3qwAMarSM4GUXkstvgAAAAI"]
[Tue Aug 05 11:03:26.410886 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-push"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aJHI3qwAMarSM4GUXkstvwAAAAI"]
[Tue Aug 05 11:03:26.411120 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aJHI3qwAMarSM4GUXkstvwAAAAI"]
[Tue Aug 05 11:03:26.411323 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/hooks/pre-push"] [unique_id "aJHI3qwAMarSM4GUXkstvwAAAAI"]
[Tue Aug 05 11:03:26.433540 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aJHI3qwAMarSM4GUXkstwAAAAAI"]
[Tue Aug 05 11:03:26.433753 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aJHI3qwAMarSM4GUXkstwAAAAAI"]
[Tue Aug 05 11:03:26.433922 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/index"] [unique_id "aJHI3qwAMarSM4GUXkstwAAAAAI"]
[Tue Aug 05 11:03:26.456018 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aJHI3qwAMarSM4GUXkstwQAAAAI"]
[Tue Aug 05 11:03:26.456212 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aJHI3qwAMarSM4GUXkstwQAAAAI"]
[Tue Aug 05 11:03:26.456363 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/info/exclude"] [unique_id "aJHI3qwAMarSM4GUXkstwQAAAAI"]
[Tue Aug 05 11:03:26.478568 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstwgAAAAI"]
[Tue Aug 05 11:03:26.478752 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstwgAAAAI"]
[Tue Aug 05 11:03:26.478911 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstwgAAAAI"]
[Tue Aug 05 11:03:26.501013 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstwwAAAAI"]
[Tue Aug 05 11:03:26.501212 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstwwAAAAI"]
[Tue Aug 05 11:03:26.501364 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstwwAAAAI"]
[Tue Aug 05 11:03:26.523623 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstxAAAAAI"]
[Tue Aug 05 11:03:26.523827 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstxAAAAAI"]
[Tue Aug 05 11:03:26.523990 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/refs/remotes/origin/HEAD"] [unique_id "aJHI3qwAMarSM4GUXkstxAAAAAI"]
[Tue Aug 05 11:03:26.546172 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aJHI3qwAMarSM4GUXkstxQAAAAI"]
[Tue Aug 05 11:03:26.546384 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aJHI3qwAMarSM4GUXkstxQAAAAI"]
[Tue Aug 05 11:03:26.546548 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/objects/"] [unique_id "aJHI3qwAMarSM4GUXkstxQAAAAI"]
[Tue Aug 05 11:03:26.568682 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aJHI3qwAMarSM4GUXkstxgAAAAI"]
[Tue Aug 05 11:03:26.568894 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aJHI3qwAMarSM4GUXkstxgAAAAI"]
[Tue Aug 05 11:03:26.569085 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/packed-refs"] [unique_id "aJHI3qwAMarSM4GUXkstxgAAAAI"]
[Tue Aug 05 11:03:26.591215 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aJHI3qwAMarSM4GUXkstxwAAAAI"]
[Tue Aug 05 11:03:26.591405 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aJHI3qwAMarSM4GUXkstxwAAAAI"]
[Tue Aug 05 11:03:26.591559 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/"] [unique_id "aJHI3qwAMarSM4GUXkstxwAAAAI"]
[Tue Aug 05 11:03:26.613655 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aJHI3qwAMarSM4GUXkstyAAAAAI"]
[Tue Aug 05 11:03:26.613851 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aJHI3qwAMarSM4GUXkstyAAAAAI"]
[Tue Aug 05 11:03:26.614020 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/"] [unique_id "aJHI3qwAMarSM4GUXkstyAAAAAI"]
[Tue Aug 05 11:03:26.636233 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aJHI3qwAMarSM4GUXkstyQAAAAI"]
[Tue Aug 05 11:03:26.636444 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aJHI3qwAMarSM4GUXkstyQAAAAI"]
[Tue Aug 05 11:03:26.636618 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/main"] [unique_id "aJHI3qwAMarSM4GUXkstyQAAAAI"]
[Tue Aug 05 11:03:26.658738 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstygAAAAI"]
[Tue Aug 05 11:03:26.658947 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstygAAAAI"]
[Tue Aug 05 11:03:26.659104 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/heads/master"] [unique_id "aJHI3qwAMarSM4GUXkstygAAAAI"]
[Tue Aug 05 11:03:26.681238 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aJHI3qwAMarSM4GUXkstywAAAAI"]
[Tue Aug 05 11:03:26.681447 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aJHI3qwAMarSM4GUXkstywAAAAI"]
[Tue Aug 05 11:03:26.681611 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/"] [unique_id "aJHI3qwAMarSM4GUXkstywAAAAI"]
[Tue Aug 05 11:03:26.703687 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aJHI3qwAMarSM4GUXkstzAAAAAI"]
[Tue Aug 05 11:03:26.703878 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aJHI3qwAMarSM4GUXkstzAAAAAI"]
[Tue Aug 05 11:03:26.704027 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/main"] [unique_id "aJHI3qwAMarSM4GUXkstzAAAAAI"]
[Tue Aug 05 11:03:26.726238 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aJHI3qwAMarSM4GUXkstzQAAAAI"]
[Tue Aug 05 11:03:26.726484 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aJHI3qwAMarSM4GUXkstzQAAAAI"]
[Tue Aug 05 11:03:26.726650 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/remotes/origin/master"] [unique_id "aJHI3qwAMarSM4GUXkstzQAAAAI"]
[Tue Aug 05 11:03:26.748722 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/stash"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aJHI3qwAMarSM4GUXkstzgAAAAI"]
[Tue Aug 05 11:03:26.748919 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aJHI3qwAMarSM4GUXkstzgAAAAI"]
[Tue Aug 05 11:03:26.749060 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/stash"] [unique_id "aJHI3qwAMarSM4GUXkstzgAAAAI"]
[Tue Aug 05 11:03:26.771374 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/tags/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aJHI3qwAMarSM4GUXkstzwAAAAI"]
[Tue Aug 05 11:03:26.771561 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aJHI3qwAMarSM4GUXkstzwAAAAI"]
[Tue Aug 05 11:03:26.771712 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/refs/tags/"] [unique_id "aJHI3qwAMarSM4GUXkstzwAAAAI"]
[Tue Aug 05 11:03:27.112858 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/shell.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aJHI36wAMarSM4GUXkst0AAAAAI"]
[Tue Aug 05 11:03:27.113131 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aJHI36wAMarSM4GUXkst0AAAAAI"]
[Tue Aug 05 11:03:27.114018 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/shell.php"] [unique_id "aJHI36wAMarSM4GUXkst0AAAAAI"]
[Tue Aug 05 11:03:27.136216 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".netrc" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .netrc found within REQUEST_FILENAME: /.netrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aJHI36wAMarSM4GUXkst0QAAAAI"]
[Tue Aug 05 11:03:27.136416 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aJHI36wAMarSM4GUXkst0QAAAAI"]
[Tue Aug 05 11:03:27.136583 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.netrc"] [unique_id "aJHI36wAMarSM4GUXkst0QAAAAI"]
[Tue Aug 05 11:03:27.227708 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJHI36wAMarSM4GUXkst1QAAAAI"]
[Tue Aug 05 11:03:27.227893 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJHI36wAMarSM4GUXkst1QAAAAI"]
[Tue Aug 05 11:03:27.228056 2025] [:error] [pid 1715287] [client 185.177.72.115:30042] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aJHI36wAMarSM4GUXkst1QAAAAI"]
[Tue Aug 05 11:03:29.671095 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJHI4YT2dZ5PqApOWJqJwAAAAAw"]
[Tue Aug 05 11:03:29.671334 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJHI4YT2dZ5PqApOWJqJwAAAAAw"]
[Tue Aug 05 11:03:29.671502 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aJHI4YT2dZ5PqApOWJqJwAAAAAw"]
[Tue Aug 05 11:03:30.266659 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aJHI4oT2dZ5PqApOWJqJyAAAAAw"]
[Tue Aug 05 11:03:30.267000 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aJHI4oT2dZ5PqApOWJqJyAAAAAw"]
[Tue Aug 05 11:03:30.267196 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/db.sql"] [unique_id "aJHI4oT2dZ5PqApOWJqJyAAAAAw"]
[Tue Aug 05 11:03:30.429515 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aJHI4oT2dZ5PqApOWJqJzAAAAAw"]
[Tue Aug 05 11:03:30.429921 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aJHI4oT2dZ5PqApOWJqJzAAAAAw"]
[Tue Aug 05 11:03:30.430111 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/debug"] [unique_id "aJHI4oT2dZ5PqApOWJqJzAAAAAw"]
[Tue Aug 05 11:03:31.430563 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aJHI44T2dZ5PqApOWJqJ3AAAAAw"]
[Tue Aug 05 11:03:31.430965 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aJHI44T2dZ5PqApOWJqJ3AAAAAw"]
[Tue Aug 05 11:03:31.431146 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/test"] [unique_id "aJHI44T2dZ5PqApOWJqJ3AAAAAw"]
[Tue Aug 05 11:03:31.470569 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3QAAAAw"]
[Tue Aug 05 11:03:31.470781 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3QAAAAw"]
[Tue Aug 05 11:03:31.470968 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/ansible/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3QAAAAw"]
[Tue Aug 05 11:03:31.802479 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3gAAAAw"]
[Tue Aug 05 11:03:31.802727 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3gAAAAw"]
[Tue Aug 05 11:03:31.802937 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env"] [unique_id "aJHI44T2dZ5PqApOWJqJ3gAAAAw"]
[Tue Aug 05 11:03:31.845183 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aJHI44T2dZ5PqApOWJqJ3wAAAAw"]
[Tue Aug 05 11:03:31.845339 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aJHI44T2dZ5PqApOWJqJ3wAAAAw"]
[Tue Aug 05 11:03:31.845568 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aJHI44T2dZ5PqApOWJqJ3wAAAAw"]
[Tue Aug 05 11:03:31.845750 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.bak"] [unique_id "aJHI44T2dZ5PqApOWJqJ3wAAAAw"]
[Tue Aug 05 11:03:31.885567 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aJHI44T2dZ5PqApOWJqJ4AAAAAw"]
[Tue Aug 05 11:03:31.885828 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aJHI44T2dZ5PqApOWJqJ4AAAAAw"]
[Tue Aug 05 11:03:31.886020 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.dev"] [unique_id "aJHI44T2dZ5PqApOWJqJ4AAAAAw"]
[Tue Aug 05 11:03:31.925539 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aJHI44T2dZ5PqApOWJqJ4QAAAAw"]
[Tue Aug 05 11:03:31.925769 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aJHI44T2dZ5PqApOWJqJ4QAAAAw"]
[Tue Aug 05 11:03:31.925949 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.local"] [unique_id "aJHI44T2dZ5PqApOWJqJ4QAAAAw"]
[Tue Aug 05 11:03:31.965545 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.production"] [unique_id "aJHI44T2dZ5PqApOWJqJ4gAAAAw"]
[Tue Aug 05 11:03:31.965791 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.production"] [unique_id "aJHI44T2dZ5PqApOWJqJ4gAAAAw"]
[Tue Aug 05 11:03:31.965972 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.production"] [unique_id "aJHI44T2dZ5PqApOWJqJ4gAAAAw"]
[Tue Aug 05 11:03:32.005546 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-gateway/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aJHI5IT2dZ5PqApOWJqJ4wAAAAw"]
[Tue Aug 05 11:03:32.005778 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aJHI5IT2dZ5PqApOWJqJ4wAAAAw"]
[Tue Aug 05 11:03:32.005979 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api-gateway/.env.staging"] [unique_id "aJHI5IT2dZ5PqApOWJqJ4wAAAAw"]
[Tue Aug 05 11:03:32.167909 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJHI5IT2dZ5PqApOWJqJ5wAAAAw"]
[Tue Aug 05 11:03:32.168172 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJHI5IT2dZ5PqApOWJqJ5wAAAAw"]
[Tue Aug 05 11:03:32.168353 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJHI5IT2dZ5PqApOWJqJ5wAAAAw"]
[Tue Aug 05 11:03:32.948262 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /api/config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9QAAAAw"]
[Tue Aug 05 11:03:32.948485 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9QAAAAw"]
[Tue Aug 05 11:03:32.948654 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/config/config.yml"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9QAAAAw"]
[Tue Aug 05 11:03:32.988164 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9gAAAAw"]
[Tue Aug 05 11:03:32.988508 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9gAAAAw"]
[Tue Aug 05 11:03:32.988699 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/db.sql"] [unique_id "aJHI5IT2dZ5PqApOWJqJ9gAAAAw"]
[Tue Aug 05 11:03:33.383774 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aJHI5YT2dZ5PqApOWJqJ-QAAAAw"]
[Tue Aug 05 11:03:33.384174 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aJHI5YT2dZ5PqApOWJqJ-QAAAAw"]
[Tue Aug 05 11:03:33.384362 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/debug"] [unique_id "aJHI5YT2dZ5PqApOWJqJ-QAAAAw"]
[Tue Aug 05 11:03:33.504799 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_AAAAAw"]
[Tue Aug 05 11:03:33.505226 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_AAAAAw"]
[Tue Aug 05 11:03:33.505431 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/internal-aws"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_AAAAAw"]
[Tue Aug 05 11:03:33.585537 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_gAAAAw"]
[Tue Aug 05 11:03:33.585786 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_gAAAAw"]
[Tue Aug 05 11:03:33.585963 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqJ_gAAAAw"]
[Tue Aug 05 11:03:33.665967 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqKAAAAAAw"]
[Tue Aug 05 11:03:33.666208 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqKAAAAAAw"]
[Tue Aug 05 11:03:33.666432 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aJHI5YT2dZ5PqApOWJqKAAAAAAw"]
[Tue Aug 05 11:03:34.398558 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aJHI5oT2dZ5PqApOWJqKCQAAAAw"]
[Tue Aug 05 11:03:34.398941 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aJHI5oT2dZ5PqApOWJqKCQAAAAw"]
[Tue Aug 05 11:03:34.399140 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/v1/proxy"] [unique_id "aJHI5oT2dZ5PqApOWJqKCQAAAAw"]
[Tue Aug 05 11:03:34.562236 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJHI5oT2dZ5PqApOWJqKDQAAAAw"]
[Tue Aug 05 11:03:34.562494 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJHI5oT2dZ5PqApOWJqKDQAAAAw"]
[Tue Aug 05 11:03:34.562705 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJHI5oT2dZ5PqApOWJqKDQAAAAw"]
[Tue Aug 05 11:03:34.602236 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aJHI5oT2dZ5PqApOWJqKDgAAAAw"]
[Tue Aug 05 11:03:34.602487 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aJHI5oT2dZ5PqApOWJqKDgAAAAw"]
[Tue Aug 05 11:03:34.602673 2025] [:error] [pid 1720187] [client 185.177.72.115:30050] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aJHI5oT2dZ5PqApOWJqKDgAAAAw"]
[Tue Aug 05 11:03:36.629517 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvAAAAA4"]
[Tue Aug 05 11:03:36.629774 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvAAAAA4"]
[Tue Aug 05 11:03:36.629952 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvAAAAA4"]
[Tue Aug 05 11:03:36.658889 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvQAAAA4"]
[Tue Aug 05 11:03:36.659111 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvQAAAA4"]
[Tue Aug 05 11:03:36.659271 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNvQAAAA4"]
[Tue Aug 05 11:03:36.688235 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:target. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:target: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aJHI6ATfs-xnRnhnFBwNvgAAAA4"]
[Tue Aug 05 11:03:36.688612 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aJHI6ATfs-xnRnhnFBwNvgAAAA4"]
[Tue Aug 05 11:03:36.688785 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-admin"] [unique_id "aJHI6ATfs-xnRnhnFBwNvgAAAA4"]
[Tue Aug 05 11:03:36.717913 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aJHI6ATfs-xnRnhnFBwNvwAAAA4"]
[Tue Aug 05 11:03:36.718270 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aJHI6ATfs-xnRnhnFBwNvwAAAA4"]
[Tue Aug 05 11:03:36.718443 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws-api"] [unique_id "aJHI6ATfs-xnRnhnFBwNvwAAAA4"]
[Tue Aug 05 11:03:36.899725 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNxQAAAA4"]
[Tue Aug 05 11:03:36.899911 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNxQAAAA4"]
[Tue Aug 05 11:03:36.900050 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env"] [unique_id "aJHI6ATfs-xnRnhnFBwNxQAAAA4"]
[Tue Aug 05 11:03:36.928934 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aJHI6ATfs-xnRnhnFBwNxgAAAA4"]
[Tue Aug 05 11:03:36.929097 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aJHI6ATfs-xnRnhnFBwNxgAAAA4"]
[Tue Aug 05 11:03:36.929237 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.prod"] [unique_id "aJHI6ATfs-xnRnhnFBwNxgAAAA4"]
[Tue Aug 05 11:03:36.959125 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env.ses"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aJHI6ATfs-xnRnhnFBwNxwAAAA4"]
[Tue Aug 05 11:03:36.959296 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aJHI6ATfs-xnRnhnFBwNxwAAAA4"]
[Tue Aug 05 11:03:36.959444 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/.env.ses"] [unique_id "aJHI6ATfs-xnRnhnFBwNxwAAAA4"]
[Tue Aug 05 11:03:37.480772 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aJHI6QTfs-xnRnhnFBwN1AAAAA4"]
[Tue Aug 05 11:03:37.481056 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aJHI6QTfs-xnRnhnFBwN1AAAAA4"]
[Tue Aug 05 11:03:37.481215 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/config.ini"] [unique_id "aJHI6QTfs-xnRnhnFBwN1AAAAA4"]
[Tue Aug 05 11:03:38.563288 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/s3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aJHI6gTfs-xnRnhnFBwN8AAAAA4"]
[Tue Aug 05 11:03:38.563492 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aJHI6gTfs-xnRnhnFBwN8AAAAA4"]
[Tue Aug 05 11:03:38.563638 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/.env"] [unique_id "aJHI6gTfs-xnRnhnFBwN8AAAAA4"]
[Tue Aug 05 11:03:38.951996 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aJHI6gTfs-xnRnhnFBwN8gAAAA4"]
[Tue Aug 05 11:03:38.952368 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aJHI6gTfs-xnRnhnFBwN8gAAAA4"]
[Tue Aug 05 11:03:38.952619 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/aws/s3/credentials.bak"] [unique_id "aJHI6gTfs-xnRnhnFBwN8gAAAA4"]
[Tue Aug 05 11:03:40.066678 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwODwAAAA4"]
[Tue Aug 05 11:03:40.066905 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwODwAAAA4"]
[Tue Aug 05 11:03:40.067075 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwODwAAAA4"]
[Tue Aug 05 11:03:40.096142 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwOEAAAAA4"]
[Tue Aug 05 11:03:40.096376 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwOEAAAAA4"]
[Tue Aug 05 11:03:40.096645 2025] [:error] [pid 1720189] [client 185.177.72.115:18978] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJHI7ATfs-xnRnhnFBwOEAAAAA4"]
[Tue Aug 05 11:03:40.816648 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aJHI7DoY6lxTouuFksPuvQAAAAY"]
[Tue Aug 05 11:03:40.816886 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aJHI7DoY6lxTouuFksPuvQAAAAY"]
[Tue Aug 05 11:03:40.817043 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backups/.env"] [unique_id "aJHI7DoY6lxTouuFksPuvQAAAAY"]
[Tue Aug 05 11:03:40.837434 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aJHI7DoY6lxTouuFksPuvgAAAAY"]
[Tue Aug 05 11:03:40.837765 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aJHI7DoY6lxTouuFksPuvgAAAAY"]
[Tue Aug 05 11:03:40.837963 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/beta/db.sql"] [unique_id "aJHI7DoY6lxTouuFksPuvgAAAAY"]
[Tue Aug 05 11:03:40.985605 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJHI7DoY6lxTouuFksPuxQAAAAY"]
[Tue Aug 05 11:03:40.985842 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJHI7DoY6lxTouuFksPuxQAAAAY"]
[Tue Aug 05 11:03:40.986017 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aJHI7DoY6lxTouuFksPuxQAAAAY"]
[Tue Aug 05 11:03:41.006057 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aJHI7ToY6lxTouuFksPuxgAAAAY"]
[Tue Aug 05 11:03:41.006390 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aJHI7ToY6lxTouuFksPuxgAAAAY"]
[Tue Aug 05 11:03:41.006549 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.bak"] [unique_id "aJHI7ToY6lxTouuFksPuxgAAAAY"]
[Tue Aug 05 11:03:41.302782 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aJHI7ToY6lxTouuFksPuywAAAAY"]
[Tue Aug 05 11:03:41.303089 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aJHI7ToY6lxTouuFksPuywAAAAY"]
[Tue Aug 05 11:03:41.303277 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.old"] [unique_id "aJHI7ToY6lxTouuFksPuywAAAAY"]
[Tue Aug 05 11:03:41.378472 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aJHI7ToY6lxTouuFksPuzAAAAAY"]
[Tue Aug 05 11:03:41.378809 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aJHI7ToY6lxTouuFksPuzAAAAAY"]
[Tue Aug 05 11:03:41.378977 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.php.bak"] [unique_id "aJHI7ToY6lxTouuFksPuzAAAAAY"]
[Tue Aug 05 11:03:41.399162 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJHI7ToY6lxTouuFksPuzQAAAAY"]
[Tue Aug 05 11:03:41.399357 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJHI7ToY6lxTouuFksPuzQAAAAY"]
[Tue Aug 05 11:03:41.399514 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJHI7ToY6lxTouuFksPuzQAAAAY"]
[Tue Aug 05 11:03:41.423209 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /config/.htaccess"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aJHI7ToY6lxTouuFksPuzgAAAAY"]
[Tue Aug 05 11:03:41.423399 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aJHI7ToY6lxTouuFksPuzgAAAAY"]
[Tue Aug 05 11:03:41.423545 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htaccess"] [unique_id "aJHI7ToY6lxTouuFksPuzgAAAAY"]
[Tue Aug 05 11:03:41.444976 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /config/.htpasswd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aJHI7ToY6lxTouuFksPuzwAAAAY"]
[Tue Aug 05 11:03:41.445220 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aJHI7ToY6lxTouuFksPuzwAAAAY"]
[Tue Aug 05 11:03:41.445413 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.htpasswd"] [unique_id "aJHI7ToY6lxTouuFksPuzwAAAAY"]
[Tue Aug 05 11:03:41.634854 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aJHI7ToY6lxTouuFksPu2AAAAAY"]
[Tue Aug 05 11:03:41.635066 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aJHI7ToY6lxTouuFksPu2AAAAAY"]
[Tue Aug 05 11:03:41.635219 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aJHI7ToY6lxTouuFksPu2AAAAAY"]
[Tue Aug 05 11:03:41.802108 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aJHI7ToY6lxTouuFksPu4AAAAAY"]
[Tue Aug 05 11:03:41.802368 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aJHI7ToY6lxTouuFksPu4AAAAAY"]
[Tue Aug 05 11:03:41.802569 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aJHI7ToY6lxTouuFksPu4AAAAAY"]
[Tue Aug 05 11:03:42.366699 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJHI7joY6lxTouuFksPu7wAAAAY"]
[Tue Aug 05 11:03:42.366923 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJHI7joY6lxTouuFksPu7wAAAAY"]
[Tue Aug 05 11:03:42.367096 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aJHI7joY6lxTouuFksPu7wAAAAY"]
[Tue Aug 05 11:03:42.387350 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJHI7joY6lxTouuFksPu8AAAAAY"]
[Tue Aug 05 11:03:42.387584 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJHI7joY6lxTouuFksPu8AAAAAY"]
[Tue Aug 05 11:03:42.387766 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aJHI7joY6lxTouuFksPu8AAAAAY"]
[Tue Aug 05 11:03:42.407846 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJHI7joY6lxTouuFksPu8QAAAAY"]
[Tue Aug 05 11:03:42.408051 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJHI7joY6lxTouuFksPu8QAAAAY"]
[Tue Aug 05 11:03:42.408214 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aJHI7joY6lxTouuFksPu8QAAAAY"]
[Tue Aug 05 11:03:42.449787 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aJHI7joY6lxTouuFksPu8wAAAAY"]
[Tue Aug 05 11:03:42.450015 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aJHI7joY6lxTouuFksPu8wAAAAY"]
[Tue Aug 05 11:03:42.450210 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/data/.env"] [unique_id "aJHI7joY6lxTouuFksPu8wAAAAY"]
[Tue Aug 05 11:03:42.491658 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu9QAAAAY"]
[Tue Aug 05 11:03:42.492031 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu9QAAAAY"]
[Tue Aug 05 11:03:42.492202 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu9QAAAAY"]
[Tue Aug 05 11:03:42.512347 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aJHI7joY6lxTouuFksPu9gAAAAY"]
[Tue Aug 05 11:03:42.512549 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aJHI7joY6lxTouuFksPu9gAAAAY"]
[Tue Aug 05 11:03:42.512708 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db/.env"] [unique_id "aJHI7joY6lxTouuFksPu9gAAAAY"]
[Tue Aug 05 11:03:42.532944 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aJHI7joY6lxTouuFksPu9wAAAAY"]
[Tue Aug 05 11:03:42.533269 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aJHI7joY6lxTouuFksPu9wAAAAY"]
[Tue Aug 05 11:03:42.533439 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aJHI7joY6lxTouuFksPu9wAAAAY"]
[Tue Aug 05 11:03:42.595595 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:target. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:target: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aJHI7joY6lxTouuFksPu-gAAAAY"]
[Tue Aug 05 11:03:42.595967 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aJHI7joY6lxTouuFksPu-gAAAAY"]
[Tue Aug 05 11:03:42.596140 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug"] [unique_id "aJHI7joY6lxTouuFksPu-gAAAAY"]
[Tue Aug 05 11:03:42.616222 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJHI7joY6lxTouuFksPu-wAAAAY"]
[Tue Aug 05 11:03:42.616395 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJHI7joY6lxTouuFksPu-wAAAAY"]
[Tue Aug 05 11:03:42.616535 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJHI7joY6lxTouuFksPu-wAAAAY"]
[Tue Aug 05 11:03:42.636684 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu_AAAAAY"]
[Tue Aug 05 11:03:42.636961 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu_AAAAAY"]
[Tue Aug 05 11:03:42.637115 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/db.sql"] [unique_id "aJHI7joY6lxTouuFksPu_AAAAAY"]
[Tue Aug 05 11:03:42.855482 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJHI7joY6lxTouuFksPu_wAAAAY"]
[Tue Aug 05 11:03:42.855680 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJHI7joY6lxTouuFksPu_wAAAAY"]
[Tue Aug 05 11:03:42.855845 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJHI7joY6lxTouuFksPu_wAAAAY"]
[Tue Aug 05 11:03:42.875895 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJHI7joY6lxTouuFksPvAAAAAAY"]
[Tue Aug 05 11:03:42.876103 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJHI7joY6lxTouuFksPvAAAAAAY"]
[Tue Aug 05 11:03:42.876255 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aJHI7joY6lxTouuFksPvAAAAAAY"]
[Tue Aug 05 11:03:42.896243 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJHI7joY6lxTouuFksPvAQAAAAY"]
[Tue Aug 05 11:03:42.896433 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJHI7joY6lxTouuFksPvAQAAAAY"]
[Tue Aug 05 11:03:42.896601 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aJHI7joY6lxTouuFksPvAQAAAAY"]
[Tue Aug 05 11:03:43.030781 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJHI7zoY6lxTouuFksPvBwAAAAY"]
[Tue Aug 05 11:03:43.030954 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJHI7zoY6lxTouuFksPvBwAAAAY"]
[Tue Aug 05 11:03:43.031109 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aJHI7zoY6lxTouuFksPvBwAAAAY"]
[Tue Aug 05 11:03:43.082535 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /hidden/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aJHI7zoY6lxTouuFksPvCQAAAAY"]
[Tue Aug 05 11:03:43.082732 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aJHI7zoY6lxTouuFksPvCQAAAAY"]
[Tue Aug 05 11:03:43.082885 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/config"] [unique_id "aJHI7zoY6lxTouuFksPvCQAAAAY"]
[Tue Aug 05 11:03:43.102931 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /hidden/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aJHI7zoY6lxTouuFksPvCgAAAAY"]
[Tue Aug 05 11:03:43.103122 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aJHI7zoY6lxTouuFksPvCgAAAAY"]
[Tue Aug 05 11:03:43.103283 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.aws/credentials"] [unique_id "aJHI7zoY6lxTouuFksPvCgAAAAY"]
[Tue Aug 05 11:03:43.123306 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /hidden/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aJHI7zoY6lxTouuFksPvCwAAAAY"]
[Tue Aug 05 11:03:43.123486 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aJHI7zoY6lxTouuFksPvCwAAAAY"]
[Tue Aug 05 11:03:43.123643 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/hidden/.env"] [unique_id "aJHI7zoY6lxTouuFksPvCwAAAAY"]
[Tue Aug 05 11:03:43.271127 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aJHI7zoY6lxTouuFksPvEgAAAAY"]
[Tue Aug 05 11:03:43.271465 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aJHI7zoY6lxTouuFksPvEgAAAAY"]
[Tue Aug 05 11:03:43.271613 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/internal/admin"] [unique_id "aJHI7zoY6lxTouuFksPvEgAAAAY"]
[Tue Aug 05 11:03:43.396182 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGAAAAAY"]
[Tue Aug 05 11:03:43.396356 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGAAAAAY"]
[Tue Aug 05 11:03:43.396502 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGAAAAAY"]
[Tue Aug 05 11:03:43.437153 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGgAAAAY"]
[Tue Aug 05 11:03:43.437353 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGgAAAAY"]
[Tue Aug 05 11:03:43.437497 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/k8s/.env"] [unique_id "aJHI7zoY6lxTouuFksPvGgAAAAY"]
[Tue Aug 05 11:03:43.921199 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aJHI7zoY6lxTouuFksPvIAAAAAY"]
[Tue Aug 05 11:03:43.921431 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aJHI7zoY6lxTouuFksPvIAAAAAY"]
[Tue Aug 05 11:03:43.921608 2025] [:error] [pid 1720181] [client 185.177.72.115:18468] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aJHI7zoY6lxTouuFksPvIAAAAAY"]
[Tue Aug 05 11:03:44.110334 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMQAAABA"]
[Tue Aug 05 11:03:44.110593 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMQAAABA"]
[Tue Aug 05 11:03:44.110767 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMQAAABA"]
[Tue Aug 05 11:03:44.133160 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMgAAABA"]
[Tue Aug 05 11:03:44.133360 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMgAAABA"]
[Tue Aug 05 11:03:44.133515 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/core/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYMgAAABA"]
[Tue Aug 05 11:03:44.179153 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNAAAABA"]
[Tue Aug 05 11:03:44.179338 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNAAAABA"]
[Tue Aug 05 11:03:44.179481 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNAAAABA"]
[Tue Aug 05 11:03:44.201864 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNQAAABA"]
[Tue Aug 05 11:03:44.202153 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNQAAABA"]
[Tue Aug 05 11:03:44.202313 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/debug.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNQAAABA"]
[Tue Aug 05 11:03:44.224581 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNgAAABA"]
[Tue Aug 05 11:03:44.224859 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNgAAABA"]
[Tue Aug 05 11:03:44.225011 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNgAAABA"]
[Tue Aug 05 11:03:44.247497 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNwAAABA"]
[Tue Aug 05 11:03:44.247681 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNwAAABA"]
[Tue Aug 05 11:03:44.247886 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYNwAAABA"]
[Tue Aug 05 11:03:44.270868 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOAAAABA"]
[Tue Aug 05 11:03:44.271207 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOAAAABA"]
[Tue Aug 05 11:03:44.271453 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mailer/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOAAAABA"]
[Tue Aug 05 11:03:44.294090 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOQAAABA"]
[Tue Aug 05 11:03:44.294315 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOQAAABA"]
[Tue Aug 05 11:03:44.294521 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aJHI8Fgw4HLFH7L0P7lYOQAAABA"]
[Tue Aug 05 11:03:45.028993 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSgAAABA"]
[Tue Aug 05 11:03:45.029223 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSgAAABA"]
[Tue Aug 05 11:03:45.029388 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSgAAABA"]
[Tue Aug 05 11:03:45.053336 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSwAAABA"]
[Tue Aug 05 11:03:45.053570 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSwAAABA"]
[Tue Aug 05 11:03:45.053744 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aJHI8Vgw4HLFH7L0P7lYSwAAABA"]
[Tue Aug 05 11:03:45.076541 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTAAAABA"]
[Tue Aug 05 11:03:45.076768 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTAAAABA"]
[Tue Aug 05 11:03:45.076956 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTAAAABA"]
[Tue Aug 05 11:03:45.447137 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTQAAABA"]
[Tue Aug 05 11:03:45.447368 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTQAAABA"]
[Tue Aug 05 11:03:45.447558 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTQAAABA"]
[Tue Aug 05 11:03:45.469998 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTgAAABA"]
[Tue Aug 05 11:03:45.470209 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTgAAABA"]
[Tue Aug 05 11:03:45.470379 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTgAAABA"]
[Tue Aug 05 11:03:45.492925 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env_example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTwAAABA"]
[Tue Aug 05 11:03:45.493132 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTwAAABA"]
[Tue Aug 05 11:03:45.493279 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node/.env_example"] [unique_id "aJHI8Vgw4HLFH7L0P7lYTwAAABA"]
[Tue Aug 05 11:03:45.515775 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUAAAABA"]
[Tue Aug 05 11:03:45.515998 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUAAAABA"]
[Tue Aug 05 11:03:45.516141 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node_modules/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUAAAABA"]
[Tue Aug 05 11:03:45.538745 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUQAAABA"]
[Tue Aug 05 11:03:45.538956 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUQAAABA"]
[Tue Aug 05 11:03:45.539110 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/old/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYUQAAABA"]
[Tue Aug 05 11:03:45.631085 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVQAAABA"]
[Tue Aug 05 11:03:45.631150 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVQAAABA"]
[Tue Aug 05 11:03:45.631188 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVQAAABA"]
[Tue Aug 05 11:03:45.631807 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVQAAABA"]
[Tue Aug 05 11:03:45.631945 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVQAAABA"]
[Tue Aug 05 11:03:45.654629 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVgAAABA"]
[Tue Aug 05 11:03:45.654914 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVgAAABA"]
[Tue Aug 05 11:03:45.655117 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVgAAABA"]
[Tue Aug 05 11:03:45.678739 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVwAAABA"]
[Tue Aug 05 11:03:45.678968 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVwAAABA"]
[Tue Aug 05 11:03:45.679145 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/private/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYVwAAABA"]
[Tue Aug 05 11:03:45.772095 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYWwAAABA"]
[Tue Aug 05 11:03:45.772328 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYWwAAABA"]
[Tue Aug 05 11:03:45.772508 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aJHI8Vgw4HLFH7L0P7lYWwAAABA"]
[Tue Aug 05 11:03:45.795183 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /public/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXAAAABA"]
[Tue Aug 05 11:03:45.795411 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXAAAABA"]
[Tue Aug 05 11:03:45.795588 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/config"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXAAAABA"]
[Tue Aug 05 11:03:45.818101 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /public/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXQAAABA"]
[Tue Aug 05 11:03:45.818316 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXQAAABA"]
[Tue Aug 05 11:03:45.818515 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.aws/credentials"] [unique_id "aJHI8Vgw4HLFH7L0P7lYXQAAABA"]
[Tue Aug 05 11:03:46.069744 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYXwAAABA"]
[Tue Aug 05 11:03:46.069973 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYXwAAABA"]
[Tue Aug 05 11:03:46.070184 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYXwAAABA"]
[Tue Aug 05 11:03:46.146808 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aJHI8lgw4HLFH7L0P7lYYgAAABA"]
[Tue Aug 05 11:03:46.147125 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aJHI8lgw4HLFH7L0P7lYYgAAABA"]
[Tue Aug 05 11:03:46.147308 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/db.sql"] [unique_id "aJHI8lgw4HLFH7L0P7lYYgAAABA"]
[Tue Aug 05 11:03:46.315816 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYaQAAABA"]
[Tue Aug 05 11:03:46.316021 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYaQAAABA"]
[Tue Aug 05 11:03:46.316188 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/resources/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYaQAAABA"]
[Tue Aug 05 11:03:46.407925 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYbQAAABA"]
[Tue Aug 05 11:03:46.408240 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYbQAAABA"]
[Tue Aug 05 11:03:46.408399 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3-credentials.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYbQAAABA"]
[Tue Aug 05 11:03:46.500733 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /s3/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config"] [unique_id "aJHI8lgw4HLFH7L0P7lYcQAAABA"]
[Tue Aug 05 11:03:46.500918 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config"] [unique_id "aJHI8lgw4HLFH7L0P7lYcQAAABA"]
[Tue Aug 05 11:03:46.501081 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config"] [unique_id "aJHI8lgw4HLFH7L0P7lYcQAAABA"]
[Tue Aug 05 11:03:46.523616 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /s3/.aws/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aJHI8lgw4HLFH7L0P7lYcgAAABA"]
[Tue Aug 05 11:03:46.523809 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aJHI8lgw4HLFH7L0P7lYcgAAABA"]
[Tue Aug 05 11:03:46.523967 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/config.json"] [unique_id "aJHI8lgw4HLFH7L0P7lYcgAAABA"]
[Tue Aug 05 11:03:46.546368 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /s3/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aJHI8lgw4HLFH7L0P7lYcwAAABA"]
[Tue Aug 05 11:03:46.546551 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aJHI8lgw4HLFH7L0P7lYcwAAABA"]
[Tue Aug 05 11:03:46.546695 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.aws/credentials"] [unique_id "aJHI8lgw4HLFH7L0P7lYcwAAABA"]
[Tue Aug 05 11:03:46.569054 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYdAAAABA"]
[Tue Aug 05 11:03:46.569248 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYdAAAABA"]
[Tue Aug 05 11:03:46.569417 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env"] [unique_id "aJHI8lgw4HLFH7L0P7lYdAAAABA"]
[Tue Aug 05 11:03:46.591808 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYdQAAABA"]
[Tue Aug 05 11:03:46.591944 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYdQAAABA"]
[Tue Aug 05 11:03:46.592129 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYdQAAABA"]
[Tue Aug 05 11:03:46.592285 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/s3/.env.bak"] [unique_id "aJHI8lgw4HLFH7L0P7lYdQAAABA"]
[Tue Aug 05 11:03:47.092746 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /secret/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYgAAAABA"]
[Tue Aug 05 11:03:47.092991 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYgAAAABA"]
[Tue Aug 05 11:03:47.093162 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/secret/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYgAAAABA"]
[Tue Aug 05 11:03:47.233147 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aJHI81gw4HLFH7L0P7lYhgAAABA"]
[Tue Aug 05 11:03:47.233479 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aJHI81gw4HLFH7L0P7lYhgAAABA"]
[Tue Aug 05 11:03:47.233647 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sendgrid.key"] [unique_id "aJHI81gw4HLFH7L0P7lYhgAAABA"]
[Tue Aug 05 11:03:47.326323 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYigAAABA"]
[Tue Aug 05 11:03:47.326550 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYigAAABA"]
[Tue Aug 05 11:03:47.326699 2025] [:error] [pid 1720191] [client 185.177.72.115:18472] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJHI81gw4HLFH7L0P7lYigAAABA"]
[Tue Aug 05 11:03:48.180270 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aJHI9Csui0BrQ5itqPqJ-AAAABE"]
[Tue Aug 05 11:03:48.180608 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aJHI9Csui0BrQ5itqPqJ-AAAABE"]
[Tue Aug 05 11:03:48.180781 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aJHI9Csui0BrQ5itqPqJ-AAAABE"]
[Tue Aug 05 11:03:48.200878 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-QAAABE"]
[Tue Aug 05 11:03:48.201113 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-QAAABE"]
[Tue Aug 05 11:03:48.201281 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/symfony/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-QAAABE"]
[Tue Aug 05 11:03:48.221598 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-gAAABE"]
[Tue Aug 05 11:03:48.221835 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-gAAABE"]
[Tue Aug 05 11:03:48.222054 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/terraform/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-gAAABE"]
[Tue Aug 05 11:03:48.552689 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-wAAABE"]
[Tue Aug 05 11:03:48.552941 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-wAAABE"]
[Tue Aug 05 11:03:48.553134 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/.env"] [unique_id "aJHI9Csui0BrQ5itqPqJ-wAAABE"]
[Tue Aug 05 11:03:48.573048 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqJ_AAAABE"]
[Tue Aug 05 11:03:48.573353 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqJ_AAAABE"]
[Tue Aug 05 11:03:48.573505 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqJ_AAAABE"]
[Tue Aug 05 11:03:48.634778 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Pattern match "^(?i:file|ftps?|https?):\\\\/\\\\/(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "54"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aJHI9Csui0BrQ5itqPqJ_wAAABE"]
[Tue Aug 05 11:03:48.635165 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aJHI9Csui0BrQ5itqPqJ_wAAABE"]
[Tue Aug 05 11:03:48.635321 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test"] [unique_id "aJHI9Csui0BrQ5itqPqJ_wAAABE"]
[Tue Aug 05 11:03:48.655578 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /tmp/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKAAAAABE"]
[Tue Aug 05 11:03:48.655767 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKAAAAABE"]
[Tue Aug 05 11:03:48.655926 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKAAAAABE"]
[Tue Aug 05 11:03:48.678553 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /tmp/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKAQAAABE"]
[Tue Aug 05 11:03:48.678747 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKAQAAABE"]
[Tue Aug 05 11:03:48.678904 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKAQAAABE"]
[Tue Aug 05 11:03:48.760723 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKBAAAABE"]
[Tue Aug 05 11:03:48.760897 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKBAAAABE"]
[Tue Aug 05 11:03:48.761058 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKBAAAABE"]
[Tue Aug 05 11:03:48.826255 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqKBwAAABE"]
[Tue Aug 05 11:03:48.826602 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqKBwAAABE"]
[Tue Aug 05 11:03:48.826774 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tmp/db.sql"] [unique_id "aJHI9Csui0BrQ5itqPqKBwAAABE"]
[Tue Aug 05 11:03:48.933672 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vault/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKDAAAABE"]
[Tue Aug 05 11:03:48.933848 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKDAAAABE"]
[Tue Aug 05 11:03:48.933989 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vault/.env"] [unique_id "aJHI9Csui0BrQ5itqPqKDAAAABE"]
[Tue Aug 05 11:03:48.974637 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /vendor/.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKDgAAABE"]
[Tue Aug 05 11:03:48.974817 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKDgAAABE"]
[Tue Aug 05 11:03:48.975000 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/config"] [unique_id "aJHI9Csui0BrQ5itqPqKDgAAABE"]
[Tue Aug 05 11:03:48.995301 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /vendor/.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKDwAAABE"]
[Tue Aug 05 11:03:48.995465 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKDwAAABE"]
[Tue Aug 05 11:03:48.995625 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.aws/credentials"] [unique_id "aJHI9Csui0BrQ5itqPqKDwAAABE"]
[Tue Aug 05 11:03:49.391951 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEgAAABE"]
[Tue Aug 05 11:03:49.392206 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEgAAABE"]
[Tue Aug 05 11:03:49.392393 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEgAAABE"]
[Tue Aug 05 11:03:49.412220 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEwAAABE"]
[Tue Aug 05 11:03:49.412436 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEwAAABE"]
[Tue Aug 05 11:03:49.412581 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/aws/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKEwAAABE"]
[Tue Aug 05 11:03:49.515226 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGAAAABE"]
[Tue Aug 05 11:03:49.515427 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGAAAABE"]
[Tue Aug 05 11:03:49.515599 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGAAAABE"]
[Tue Aug 05 11:03:49.535539 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGQAAABE"]
[Tue Aug 05 11:03:49.535745 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGQAAABE"]
[Tue Aug 05 11:03:49.535928 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGQAAABE"]
[Tue Aug 05 11:03:49.556017 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGgAAABE"]
[Tue Aug 05 11:03:49.556236 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGgAAABE"]
[Tue Aug 05 11:03:49.556422 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wordpress/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGgAAABE"]
[Tue Aug 05 11:03:49.576427 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGwAAABE"]
[Tue Aug 05 11:03:49.576635 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGwAAABE"]
[Tue Aug 05 11:03:49.576815 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKGwAAABE"]
[Tue Aug 05 11:03:49.596804 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /xampp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKHAAAABE"]
[Tue Aug 05 11:03:49.597006 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKHAAAABE"]
[Tue Aug 05 11:03:49.597163 2025] [:error] [pid 1720192] [client 185.177.72.115:18484] [client 185.177.72.115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/xampp/.env"] [unique_id "aJHI9Ssui0BrQ5itqPqKHAAAABE"]
[Tue Aug 05 17:44:46.708194 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIm7v8AUwGiCLARHH44mQAAAAg"]
[Tue Aug 05 17:44:46.708448 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIm7v8AUwGiCLARHH44mQAAAAg"]
[Tue Aug 05 17:44:46.708618 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJIm7v8AUwGiCLARHH44mQAAAAg"]
[Tue Aug 05 17:44:46.874246 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJIm7v8AUwGiCLARHH44nAAAAAg"]
[Tue Aug 05 17:44:46.874535 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJIm7v8AUwGiCLARHH44nAAAAAg"]
[Tue Aug 05 17:44:46.874738 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aJIm7v8AUwGiCLARHH44nAAAAAg"]
[Tue Aug 05 17:44:46.960963 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIm7v8AUwGiCLARHH44nQAAAAg"]
[Tue Aug 05 17:44:46.961202 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIm7v8AUwGiCLARHH44nQAAAAg"]
[Tue Aug 05 17:44:46.961399 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aJIm7v8AUwGiCLARHH44nQAAAAg"]
[Tue Aug 05 17:44:47.068977 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJIm7_8AUwGiCLARHH44ngAAAAg"]
[Tue Aug 05 17:44:47.069241 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJIm7_8AUwGiCLARHH44ngAAAAg"]
[Tue Aug 05 17:44:47.069435 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aJIm7_8AUwGiCLARHH44ngAAAAg"]
[Tue Aug 05 17:44:48.944074 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIm8P8AUwGiCLARHH44oQAAAAg"]
[Tue Aug 05 17:44:48.944307 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIm8P8AUwGiCLARHH44oQAAAAg"]
[Tue Aug 05 17:44:48.944475 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aJIm8P8AUwGiCLARHH44oQAAAAg"]
[Tue Aug 05 17:44:49.037401 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aJIm8f8AUwGiCLARHH44pQAAAAg"]
[Tue Aug 05 17:44:49.037731 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aJIm8f8AUwGiCLARHH44pQAAAAg"]
[Tue Aug 05 17:44:49.037917 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/debug.log"] [unique_id "aJIm8f8AUwGiCLARHH44pQAAAAg"]
[Tue Aug 05 17:44:49.176057 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJIm8f8AUwGiCLARHH44qwAAAAg"]
[Tue Aug 05 17:44:49.176261 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJIm8f8AUwGiCLARHH44qwAAAAg"]
[Tue Aug 05 17:44:49.176450 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/mail/.env"] [unique_id "aJIm8f8AUwGiCLARHH44qwAAAAg"]
[Tue Aug 05 17:44:49.198562 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8f8AUwGiCLARHH44rAAAAAg"]
[Tue Aug 05 17:44:49.198777 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8f8AUwGiCLARHH44rAAAAAg"]
[Tue Aug 05 17:44:49.198947 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8f8AUwGiCLARHH44rAAAAAg"]
[Tue Aug 05 17:44:49.243959 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rgAAAAg"]
[Tue Aug 05 17:44:49.244155 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rgAAAAg"]
[Tue Aug 05 17:44:49.244310 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rgAAAAg"]
[Tue Aug 05 17:44:49.266313 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rwAAAAg"]
[Tue Aug 05 17:44:49.266534 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rwAAAAg"]
[Tue Aug 05 17:44:49.266686 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aJIm8f8AUwGiCLARHH44rwAAAAg"]
[Tue Aug 05 17:44:49.289132 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJIm8f8AUwGiCLARHH44sAAAAAg"]
[Tue Aug 05 17:44:49.289325 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJIm8f8AUwGiCLARHH44sAAAAAg"]
[Tue Aug 05 17:44:49.289481 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aJIm8f8AUwGiCLARHH44sAAAAAg"]
[Tue Aug 05 17:44:50.870755 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aJIm8v8AUwGiCLARHH44tAAAAAg"]
[Tue Aug 05 17:44:50.871243 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aJIm8v8AUwGiCLARHH44tAAAAAg"]
[Tue Aug 05 17:44:50.871497 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/app.log"] [unique_id "aJIm8v8AUwGiCLARHH44tAAAAAg"]
[Tue Aug 05 17:44:50.893774 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJIm8v8AUwGiCLARHH44tQAAAAg"]
[Tue Aug 05 17:44:50.893981 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJIm8v8AUwGiCLARHH44tQAAAAg"]
[Tue Aug 05 17:44:50.894136 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/src/.env"] [unique_id "aJIm8v8AUwGiCLARHH44tQAAAAg"]
[Tue Aug 05 17:44:50.939546 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aJIm8v8AUwGiCLARHH44twAAAAg"]
[Tue Aug 05 17:44:50.939848 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aJIm8v8AUwGiCLARHH44twAAAAg"]
[Tue Aug 05 17:44:50.940003 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/configuration.php.bak"] [unique_id "aJIm8v8AUwGiCLARHH44twAAAAg"]
[Tue Aug 05 17:44:50.985399 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJIm8v8AUwGiCLARHH44uQAAAAg"]
[Tue Aug 05 17:44:50.985590 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJIm8v8AUwGiCLARHH44uQAAAAg"]
[Tue Aug 05 17:44:50.985764 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aJIm8v8AUwGiCLARHH44uQAAAAg"]
[Tue Aug 05 17:44:51.008348 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /platform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJIm8_8AUwGiCLARHH44ugAAAAg"]
[Tue Aug 05 17:44:51.008526 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJIm8_8AUwGiCLARHH44ugAAAAg"]
[Tue Aug 05 17:44:51.008718 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/platform/.env"] [unique_id "aJIm8_8AUwGiCLARHH44ugAAAAg"]
[Tue Aug 05 17:44:51.060098 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vAAAAAg"]
[Tue Aug 05 17:44:51.060314 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vAAAAAg"]
[Tue Aug 05 17:44:51.060480 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.txt/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vAAAAAg"]
[Tue Aug 05 17:44:51.082705 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJIm8_8AUwGiCLARHH44vQAAAAg"]
[Tue Aug 05 17:44:51.082896 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJIm8_8AUwGiCLARHH44vQAAAAg"]
[Tue Aug 05 17:44:51.083061 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aJIm8_8AUwGiCLARHH44vQAAAAg"]
[Tue Aug 05 17:44:51.105369 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vgAAAAg"]
[Tue Aug 05 17:44:51.105564 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vgAAAAg"]
[Tue Aug 05 17:44:51.105715 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aJIm8_8AUwGiCLARHH44vgAAAAg"]
[Tue Aug 05 17:44:51.219831 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8_8AUwGiCLARHH44wwAAAAg"]
[Tue Aug 05 17:44:51.220017 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8_8AUwGiCLARHH44wwAAAAg"]
[Tue Aug 05 17:44:51.220174 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env1"] [unique_id "aJIm8_8AUwGiCLARHH44wwAAAAg"]
[Tue Aug 05 17:44:51.242403 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJIm8_8AUwGiCLARHH44xAAAAAg"]
[Tue Aug 05 17:44:51.242587 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJIm8_8AUwGiCLARHH44xAAAAAg"]
[Tue Aug 05 17:44:51.242745 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.orig"] [unique_id "aJIm8_8AUwGiCLARHH44xAAAAAg"]
[Tue Aug 05 17:44:51.264804 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aJIm8_8AUwGiCLARHH44xQAAAAg"]
[Tue Aug 05 17:44:51.265068 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aJIm8_8AUwGiCLARHH44xQAAAAg"]
[Tue Aug 05 17:44:51.265210 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config.ini"] [unique_id "aJIm8_8AUwGiCLARHH44xQAAAAg"]
[Tue Aug 05 17:44:51.357792 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44yQAAAAg"]
[Tue Aug 05 17:44:51.357978 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44yQAAAAg"]
[Tue Aug 05 17:44:51.358142 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/html/.env"] [unique_id "aJIm8_8AUwGiCLARHH44yQAAAAg"]
[Tue Aug 05 17:44:51.403253 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJIm8_8AUwGiCLARHH44ywAAAAg"]
[Tue Aug 05 17:44:51.403384 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJIm8_8AUwGiCLARHH44ywAAAAg"]
[Tue Aug 05 17:44:51.403557 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJIm8_8AUwGiCLARHH44ywAAAAg"]
[Tue Aug 05 17:44:51.403706 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.backup"] [unique_id "aJIm8_8AUwGiCLARHH44ywAAAAg"]
[Tue Aug 05 17:44:51.428762 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJIm8_8AUwGiCLARHH44zAAAAAg"]
[Tue Aug 05 17:44:51.428938 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJIm8_8AUwGiCLARHH44zAAAAAg"]
[Tue Aug 05 17:44:51.429090 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aJIm8_8AUwGiCLARHH44zAAAAAg"]
[Tue Aug 05 17:44:51.451044 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aJIm8_8AUwGiCLARHH44zQAAAAg"]
[Tue Aug 05 17:44:51.451310 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aJIm8_8AUwGiCLARHH44zQAAAAg"]
[Tue Aug 05 17:44:51.451461 2025] [:error] [pid 1726070] [client 185.177.72.202:7570] [client 185.177.72.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/configs/application.ini"] [unique_id "aJIm8_8AUwGiCLARHH44zQAAAAg"]
[Wed Aug 06 12:48:14.831640 2025] [:error] [pid 1739923] [client 194.233.83.146:57267] [client 194.233.83.146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMy7pERHHVHFW4wTjHXNgAAAAE"]
[Wed Aug 06 12:48:14.831915 2025] [:error] [pid 1739923] [client 194.233.83.146:57267] [client 194.233.83.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMy7pERHHVHFW4wTjHXNgAAAAE"]
[Wed Aug 06 12:48:14.832142 2025] [:error] [pid 1739923] [client 194.233.83.146:57267] [client 194.233.83.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJMy7pERHHVHFW4wTjHXNgAAAAE"]
[Wed Aug 06 12:48:22.825430 2025] [:error] [pid 1739925] [client 194.233.83.146:57334] [client 194.233.83.146] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aJMy9lJbmk9kSAGhb9lJEQAAAAM"]
[Wed Aug 06 12:48:22.825499 2025] [:error] [pid 1739925] [client 194.233.83.146:57334] [client 194.233.83.146] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aJMy9lJbmk9kSAGhb9lJEQAAAAM"]
[Wed Aug 06 12:48:22.825879 2025] [:error] [pid 1739925] [client 194.233.83.146:57334] [client 194.233.83.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aJMy9lJbmk9kSAGhb9lJEQAAAAM"]
[Wed Aug 06 12:48:22.826063 2025] [:error] [pid 1739925] [client 194.233.83.146:57334] [client 194.233.83.146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aJMy9lJbmk9kSAGhb9lJEQAAAAM"]
[Thu Aug 07 00:21:48.256629 2025] [:error] [pid 1763540] [client 185.177.72.36:60276] [client 185.177.72.36] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJPVfAkf0aAf1bp04r46fAAAAAA"]
[Thu Aug 07 00:21:48.256868 2025] [:error] [pid 1763540] [client 185.177.72.36:60276] [client 185.177.72.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJPVfAkf0aAf1bp04r46fAAAAAA"]
[Thu Aug 07 00:21:48.257048 2025] [:error] [pid 1763540] [client 185.177.72.36:60276] [client 185.177.72.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJPVfAkf0aAf1bp04r46fAAAAAA"]
[Thu Aug 07 00:21:49.061057 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vAAAAAM"]
[Thu Aug 07 00:21:49.061278 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vAAAAAM"]
[Thu Aug 07 00:21:49.061469 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vAAAAAM"]
[Thu Aug 07 00:21:49.084702 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vQAAAAM"]
[Thu Aug 07 00:21:49.084928 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vQAAAAM"]
[Thu Aug 07 00:21:49.085107 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vQAAAAM"]
[Thu Aug 07 00:21:49.109623 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vgAAAAM"]
[Thu Aug 07 00:21:49.109841 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vgAAAAM"]
[Thu Aug 07 00:21:49.110026 2025] [:error] [pid 1763574] [client 185.177.72.36:60278] [client 185.177.72.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aJPVfRQShP8MxU69aJC9vgAAAAM"]
[Sun Aug 10 19:02:44.331346 2025] [:error] [pid 1839637] [client 3.84.178.235:44756] [client 3.84.178.235] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJjQtO81dc7fnjUixxDs5AAAAAM"]
[Sun Aug 10 19:02:44.332966 2025] [:error] [pid 1839637] [client 3.84.178.235:44756] [client 3.84.178.235] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJjQtO81dc7fnjUixxDs5AAAAAM"]
[Sun Aug 10 19:02:44.333160 2025] [:error] [pid 1839637] [client 3.84.178.235:44756] [client 3.84.178.235] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJjQtO81dc7fnjUixxDs5AAAAAM"]
[Mon Aug 11 19:21:40.325192 2025] [:error] [pid 1876153] [client 195.178.110.75:43944] [client 195.178.110.75] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJompMmx4Op1e3lrob_2mgAAABE"], referer: http://pms.test.indacotrentino.com/.DS_Store
[Mon Aug 11 19:21:40.325493 2025] [:error] [pid 1876153] [client 195.178.110.75:43944] [client 195.178.110.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJompMmx4Op1e3lrob_2mgAAABE"], referer: http://pms.test.indacotrentino.com/.DS_Store
[Mon Aug 11 19:21:40.325673 2025] [:error] [pid 1876153] [client 195.178.110.75:43944] [client 195.178.110.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aJompMmx4Op1e3lrob_2mgAAABE"], referer: http://pms.test.indacotrentino.com/.DS_Store
[Tue Aug 12 14:28:25.099408 2025] [:error] [pid 1898594] [client 213.209.143.116:41162] [client 213.209.143.116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJszaatLnEFFpEMLhCE2vQAAAAg"], referer: http://pms.test.indacotrentino.com/.env
[Tue Aug 12 14:28:25.100407 2025] [:error] [pid 1898594] [client 213.209.143.116:41162] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJszaatLnEFFpEMLhCE2vQAAAAg"], referer: http://pms.test.indacotrentino.com/.env
[Tue Aug 12 14:28:25.100635 2025] [:error] [pid 1898594] [client 213.209.143.116:41162] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aJszaatLnEFFpEMLhCE2vQAAAAg"], referer: http://pms.test.indacotrentino.com/.env
[Tue Aug 12 14:28:25.407613 2025] [:error] [pid 1891297] [client 213.209.143.116:41174] [client 213.209.143.116] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aJszaRxacyNLUJvTYxfVigAAAAY"], referer: http://pms.test.indacotrentino.com/backup.sql
[Tue Aug 12 14:28:25.407952 2025] [:error] [pid 1891297] [client 213.209.143.116:41174] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aJszaRxacyNLUJvTYxfVigAAAAY"], referer: http://pms.test.indacotrentino.com/backup.sql
[Tue Aug 12 14:28:25.408108 2025] [:error] [pid 1891297] [client 213.209.143.116:41174] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aJszaRxacyNLUJvTYxfVigAAAAY"], referer: http://pms.test.indacotrentino.com/backup.sql
[Tue Aug 12 14:28:25.573743 2025] [:error] [pid 1892093] [client 213.209.143.116:41190] [client 213.209.143.116] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aJszaZNZgsyW7y9PCgJifAAAAAc"], referer: http://pms.test.indacotrentino.com/site.bak
[Tue Aug 12 14:28:25.574047 2025] [:error] [pid 1892093] [client 213.209.143.116:41190] [client 213.209.143.116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aJszaZNZgsyW7y9PCgJifAAAAAc"], referer: http://pms.test.indacotrentino.com/site.bak
[Tue Aug 12 14:28:25.574198 2025] [:error] [pid 1892093] [client 213.209.143.116:41190] [client 213.209.143.116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site.bak"] [unique_id "aJszaZNZgsyW7y9PCgJifAAAAAc"], referer: http://pms.test.indacotrentino.com/site.bak
[Wed Aug 13 03:39:46.110816 2025] [:error] [pid 1915762] [client 45.139.104.199:32828] [client 45.139.104.199] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJvs4sOqbpx-jnPJ2LkGxwAAAAM"]
[Wed Aug 13 03:39:46.111087 2025] [:error] [pid 1915762] [client 45.139.104.199:32828] [client 45.139.104.199] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJvs4sOqbpx-jnPJ2LkGxwAAAAM"]
[Wed Aug 13 03:39:46.111270 2025] [:error] [pid 1915762] [client 45.139.104.199:32828] [client 45.139.104.199] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aJvs4sOqbpx-jnPJ2LkGxwAAAAM"]
[Sat Aug 16 09:33:01.187848 2025] [:error] [pid 1991793] [client 217.217.252.16:50562] [client 217.217.252.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKA0LVAgsqK66xloRg0MFQAAAAY"]
[Sat Aug 16 09:33:01.189994 2025] [:error] [pid 1991793] [client 217.217.252.16:50562] [client 217.217.252.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKA0LVAgsqK66xloRg0MFQAAAAY"]
[Sat Aug 16 09:33:01.190293 2025] [:error] [pid 1991793] [client 217.217.252.16:50562] [client 217.217.252.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKA0LVAgsqK66xloRg0MFQAAAAY"]
[Sat Aug 16 09:33:03.223730 2025] [:error] [pid 1991185] [client 217.217.252.16:50667] [client 217.217.252.16] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "177"] [id "920170"] [msg "GET or HEAD Request with Body Content."] [data "19"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aKA0L-_-AI4RJh5hYJ1blgAAAAU"]
[Sat Aug 16 09:33:03.223799 2025] [:error] [pid 1991185] [client 217.217.252.16:50667] [client 217.217.252.16] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "662"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aKA0L-_-AI4RJh5hYJ1blgAAAAU"]
[Sat Aug 16 09:33:03.224179 2025] [:error] [pid 1991185] [client 217.217.252.16:50667] [client 217.217.252.16] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 7)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aKA0L-_-AI4RJh5hYJ1blgAAAAU"]
[Sat Aug 16 09:33:03.224370 2025] [:error] [pid 1991185] [client 217.217.252.16:50667] [client 217.217.252.16] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 7 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 7, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aKA0L-_-AI4RJh5hYJ1blgAAAAU"]
[Mon Aug 18 10:02:04.282246 2025] [:error] [pid 2040974] [client 45.130.203.195:49507] [client 45.130.203.195] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKLd_DRh4ljt-yt5iWLrIQAAAAQ"]
[Mon Aug 18 10:02:04.289480 2025] [:error] [pid 2040974] [client 45.130.203.195:49507] [client 45.130.203.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKLd_DRh4ljt-yt5iWLrIQAAAAQ"]
[Mon Aug 18 10:02:04.289676 2025] [:error] [pid 2040974] [client 45.130.203.195:49507] [client 45.130.203.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aKLd_DRh4ljt-yt5iWLrIQAAAAQ"]
[Thu Aug 21 13:13:29.348890 2025] [:error] [pid 2120450] [client 23.180.120.244:52152] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKb_WSILBkxvpX0uu8lrZgAAAAc"]
[Thu Aug 21 13:13:29.352111 2025] [:error] [pid 2120450] [client 23.180.120.244:52152] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKb_WSILBkxvpX0uu8lrZgAAAAc"]
[Thu Aug 21 13:13:29.352301 2025] [:error] [pid 2120450] [client 23.180.120.244:52152] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aKb_WSILBkxvpX0uu8lrZgAAAAc"]
[Thu Aug 21 13:13:36.809448 2025] [:error] [pid 2115008] [client 23.180.120.244:52158] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKb_YIULDbYdi_TssjrdZAAAAAI"]
[Thu Aug 21 13:13:36.809685 2025] [:error] [pid 2115008] [client 23.180.120.244:52158] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKb_YIULDbYdi_TssjrdZAAAAAI"]
[Thu Aug 21 13:13:36.809836 2025] [:error] [pid 2115008] [client 23.180.120.244:52158] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aKb_YIULDbYdi_TssjrdZAAAAAI"]
[Thu Aug 21 13:13:37.029254 2025] [:error] [pid 2115007] [client 23.180.120.244:59460] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKb_Ya2kg_W_Wr-muT7CtQAAAAE"]
[Thu Aug 21 13:13:37.029497 2025] [:error] [pid 2115007] [client 23.180.120.244:59460] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKb_Ya2kg_W_Wr-muT7CtQAAAAE"]
[Thu Aug 21 13:13:37.029650 2025] [:error] [pid 2115007] [client 23.180.120.244:59460] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aKb_Ya2kg_W_Wr-muT7CtQAAAAE"]
[Thu Aug 21 13:13:37.277400 2025] [:error] [pid 2115010] [client 23.180.120.244:59464] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKb_YSwjVYzZoWovzhjPBQAAAAQ"]
[Thu Aug 21 13:13:37.277645 2025] [:error] [pid 2115010] [client 23.180.120.244:59464] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKb_YSwjVYzZoWovzhjPBQAAAAQ"]
[Thu Aug 21 13:13:37.277822 2025] [:error] [pid 2115010] [client 23.180.120.244:59464] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aKb_YSwjVYzZoWovzhjPBQAAAAQ"]
[Thu Aug 21 13:13:37.432469 2025] [:error] [pid 2115006] [client 23.180.120.244:59474] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKb_YURs_A425kIS1E-bmQAAAAA"]
[Thu Aug 21 13:13:37.432709 2025] [:error] [pid 2115006] [client 23.180.120.244:59474] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKb_YURs_A425kIS1E-bmQAAAAA"]
[Thu Aug 21 13:13:37.432876 2025] [:error] [pid 2115006] [client 23.180.120.244:59474] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aKb_YURs_A425kIS1E-bmQAAAAA"]
[Thu Aug 21 13:13:37.648241 2025] [:error] [pid 2115009] [client 23.180.120.244:59480] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKb_YbtFShAAn9A56aJrgAAAAAM"]
[Thu Aug 21 13:13:37.648479 2025] [:error] [pid 2115009] [client 23.180.120.244:59480] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKb_YbtFShAAn9A56aJrgAAAAAM"]
[Thu Aug 21 13:13:37.648639 2025] [:error] [pid 2115009] [client 23.180.120.244:59480] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aKb_YbtFShAAn9A56aJrgAAAAAM"]
[Thu Aug 21 13:13:38.545988 2025] [:error] [pid 2115007] [client 23.180.120.244:59512] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKb_Yq2kg_W_Wr-muT7CtgAAAAE"]
[Thu Aug 21 13:13:38.546226 2025] [:error] [pid 2115007] [client 23.180.120.244:59512] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKb_Yq2kg_W_Wr-muT7CtgAAAAE"]
[Thu Aug 21 13:13:38.546413 2025] [:error] [pid 2115007] [client 23.180.120.244:59512] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aKb_Yq2kg_W_Wr-muT7CtgAAAAE"]
[Thu Aug 21 13:13:38.661310 2025] [:error] [pid 2115010] [client 23.180.120.244:59528] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKb_YiwjVYzZoWovzhjPBgAAAAQ"]
[Thu Aug 21 13:13:38.661555 2025] [:error] [pid 2115010] [client 23.180.120.244:59528] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKb_YiwjVYzZoWovzhjPBgAAAAQ"]
[Thu Aug 21 13:13:38.661715 2025] [:error] [pid 2115010] [client 23.180.120.244:59528] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aKb_YiwjVYzZoWovzhjPBgAAAAQ"]
[Thu Aug 21 13:13:38.789583 2025] [:error] [pid 2115006] [client 23.180.120.244:59540] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKb_YkRs_A425kIS1E-bmgAAAAA"]
[Thu Aug 21 13:13:38.789823 2025] [:error] [pid 2115006] [client 23.180.120.244:59540] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKb_YkRs_A425kIS1E-bmgAAAAA"]
[Thu Aug 21 13:13:38.789990 2025] [:error] [pid 2115006] [client 23.180.120.244:59540] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aKb_YkRs_A425kIS1E-bmgAAAAA"]
[Sun Aug 24 14:27:51.347131 2025] [:error] [pid 2191883] [client 3.146.111.124:60502] [client 3.146.111.124] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aKsFR3OZ2zj-hMq6ndbgrgAAAAM"]
[Sun Aug 24 14:27:51.349395 2025] [:error] [pid 2191883] [client 3.146.111.124:60502] [client 3.146.111.124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aKsFR3OZ2zj-hMq6ndbgrgAAAAM"]
[Sun Aug 24 14:27:51.349601 2025] [:error] [pid 2191883] [client 3.146.111.124:60502] [client 3.146.111.124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aKsFR3OZ2zj-hMq6ndbgrgAAAAM"]
[Thu Aug 28 02:57:56.140020 2025] [:error] [pid 2288800] [client 45.139.104.199:50804] [client 45.139.104.199] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-plBw5vTAYSDWkiYfl3wAAAAc"]
[Thu Aug 28 02:57:56.141846 2025] [:error] [pid 2288800] [client 45.139.104.199:50804] [client 45.139.104.199] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-plBw5vTAYSDWkiYfl3wAAAAc"]
[Thu Aug 28 02:57:56.142005 2025] [:error] [pid 2288800] [client 45.139.104.199:50804] [client 45.139.104.199] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-plBw5vTAYSDWkiYfl3wAAAAc"]
[Thu Aug 28 03:05:58.769631 2025] [authz_core:error] [pid 2291705] [client 178.128.207.138:42544] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Thu Aug 28 03:05:58.926898 2025] [:error] [pid 2291707] [client 178.128.207.138:42566] [client 178.128.207.138] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aK-rdgMPslqXVjNMgDF9sAAAAA8"]
[Thu Aug 28 03:05:58.927137 2025] [:error] [pid 2291707] [client 178.128.207.138:42566] [client 178.128.207.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aK-rdgMPslqXVjNMgDF9sAAAAA8"]
[Thu Aug 28 03:05:58.927301 2025] [:error] [pid 2291707] [client 178.128.207.138:42566] [client 178.128.207.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aK-rdgMPslqXVjNMgDF9sAAAAA8"]
[Thu Aug 28 03:05:58.980050 2025] [:error] [pid 2291708] [client 178.128.207.138:42578] [client 178.128.207.138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rdridlUmUKgLN_swfyQAAABA"]
[Thu Aug 28 03:05:58.980269 2025] [:error] [pid 2291708] [client 178.128.207.138:42578] [client 178.128.207.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rdridlUmUKgLN_swfyQAAABA"]
[Thu Aug 28 03:05:58.980427 2025] [:error] [pid 2291708] [client 178.128.207.138:42578] [client 178.128.207.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rdridlUmUKgLN_swfyQAAABA"]
[Thu Aug 28 03:05:59.038582 2025] [:error] [pid 2291710] [client 178.128.207.138:42592] [client 178.128.207.138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rdxQJCZxLRfFhA7s5FAAAABI"]
[Thu Aug 28 03:05:59.038817 2025] [:error] [pid 2291710] [client 178.128.207.138:42592] [client 178.128.207.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rdxQJCZxLRfFhA7s5FAAAABI"]
[Thu Aug 28 03:05:59.038982 2025] [:error] [pid 2291710] [client 178.128.207.138:42592] [client 178.128.207.138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rdxQJCZxLRfFhA7s5FAAAABI"]
[Thu Aug 28 03:06:53.553732 2025] [:error] [pid 2291710] [client 103.62.235.29:52094] [client 103.62.235.29] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rrRQJCZxLRfFhA7s5FQAAABI"]
[Thu Aug 28 03:06:53.553994 2025] [:error] [pid 2291710] [client 103.62.235.29:52094] [client 103.62.235.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rrRQJCZxLRfFhA7s5FQAAABI"]
[Thu Aug 28 03:06:53.554167 2025] [:error] [pid 2291710] [client 103.62.235.29:52094] [client 103.62.235.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aK-rrRQJCZxLRfFhA7s5FQAAABI"]
[Thu Aug 28 03:06:53.555720 2025] [:error] [pid 2291708] [client 103.62.235.29:52084] [client 103.62.235.29] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rrbidlUmUKgLN_swfygAAABA"]
[Thu Aug 28 03:06:53.555933 2025] [:error] [pid 2291708] [client 103.62.235.29:52084] [client 103.62.235.29] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rrbidlUmUKgLN_swfygAAABA"]
[Thu Aug 28 03:06:53.556072 2025] [:error] [pid 2291708] [client 103.62.235.29:52084] [client 103.62.235.29] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aK-rrbidlUmUKgLN_swfygAAABA"]
[Fri Aug 29 10:22:02.990234 2025] [:error] [pid 2315266] [client 213.232.87.230:30381] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aLFjKg2suCBlf7H8nreXvwAAAAI"]
[Fri Aug 29 10:22:02.991365 2025] [:error] [pid 2315266] [client 213.232.87.230:30381] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aLFjKg2suCBlf7H8nreXvwAAAAI"]
[Fri Aug 29 10:22:02.991530 2025] [:error] [pid 2315266] [client 213.232.87.230:30381] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aLFjKg2suCBlf7H8nreXvwAAAAI"]
[Fri Aug 29 10:22:03.012359 2025] [:error] [pid 2317387] [client 213.232.87.230:26665] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".pwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aLFjKxf4Ixez93jIUm4kdwAAAAo"]
[Fri Aug 29 10:22:03.012591 2025] [:error] [pid 2317387] [client 213.232.87.230:26665] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aLFjKxf4Ixez93jIUm4kdwAAAAo"]
[Fri Aug 29 10:22:03.012735 2025] [:error] [pid 2317387] [client 213.232.87.230:26665] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/_vti_pvt/service.pwd"] [unique_id "aLFjKxf4Ixez93jIUm4kdwAAAAo"]
[Fri Aug 29 10:22:03.078008 2025] [:error] [pid 2316665] [client 213.232.87.230:49973] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aLFjK7qLCTxXjRrLVthKNgAAAAU"]
[Fri Aug 29 10:22:03.078135 2025] [:error] [pid 2316665] [client 213.232.87.230:49973] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aLFjK7qLCTxXjRrLVthKNgAAAAU"]
[Fri Aug 29 10:22:03.078282 2025] [:error] [pid 2316665] [client 213.232.87.230:49973] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aLFjK7qLCTxXjRrLVthKNgAAAAU"]
[Fri Aug 29 10:22:03.078439 2025] [:error] [pid 2316665] [client 213.232.87.230:49973] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aLFjK7qLCTxXjRrLVthKNgAAAAU"]
[Fri Aug 29 10:22:03.101382 2025] [:error] [pid 2317389] [client 213.232.87.230:30943] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aLFjK91zQce3Qoi6U6NuYwAAAAw"]
[Fri Aug 29 10:22:03.101496 2025] [:error] [pid 2317388] [client 213.232.87.230:2947] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQgAAAAs"]
[Fri Aug 29 10:22:03.101523 2025] [:error] [pid 2317389] [client 213.232.87.230:30943] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aLFjK91zQce3Qoi6U6NuYwAAAAw"]
[Fri Aug 29 10:22:03.101657 2025] [:error] [pid 2317389] [client 213.232.87.230:30943] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aLFjK91zQce3Qoi6U6NuYwAAAAw"]
[Fri Aug 29 10:22:03.101727 2025] [:error] [pid 2317388] [client 213.232.87.230:2947] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQgAAAAs"]
[Fri Aug 29 10:22:03.102050 2025] [:error] [pid 2317388] [client 213.232.87.230:2947] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database_backup.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQgAAAAs"]
[Fri Aug 29 10:22:03.104642 2025] [:error] [pid 2315264] [client 213.232.87.230:34885] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".ssh/id_rsa" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .ssh/id_rsa found within REQUEST_FILENAME: /.ssh/id_rsa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aLFjK43InCD95wSIz1cjwwAAAAA"]
[Fri Aug 29 10:22:03.104782 2025] [:error] [pid 2315264] [client 213.232.87.230:34885] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aLFjK43InCD95wSIz1cjwwAAAAA"]
[Fri Aug 29 10:22:03.104981 2025] [:error] [pid 2315264] [client 213.232.87.230:34885] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.ssh/id_rsa"] [unique_id "aLFjK43InCD95wSIz1cjwwAAAAA"]
[Fri Aug 29 10:22:03.108812 2025] [:error] [pid 2315267] [client 213.232.87.230:24587] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLFjK2jqWQ2t692loUtfTAAAAAM"]
[Fri Aug 29 10:22:03.108952 2025] [:error] [pid 2315267] [client 213.232.87.230:24587] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLFjK2jqWQ2t692loUtfTAAAAAM"]
[Fri Aug 29 10:22:03.109079 2025] [:error] [pid 2315267] [client 213.232.87.230:24587] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLFjK2jqWQ2t692loUtfTAAAAAM"]
[Fri Aug 29 10:22:03.174268 2025] [:error] [pid 2316665] [client 213.232.87.230:26381] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aLFjK7qLCTxXjRrLVthKNwAAAAU"]
[Fri Aug 29 10:22:03.174561 2025] [:error] [pid 2316665] [client 213.232.87.230:26381] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aLFjK7qLCTxXjRrLVthKNwAAAAU"]
[Fri Aug 29 10:22:03.174717 2025] [:error] [pid 2316665] [client 213.232.87.230:26381] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aLFjK7qLCTxXjRrLVthKNwAAAAU"]
[Fri Aug 29 10:22:03.198295 2025] [:error] [pid 2317388] [client 213.232.87.230:62025] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQwAAAAs"]
[Fri Aug 29 10:22:03.198571 2025] [:error] [pid 2317388] [client 213.232.87.230:62025] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQwAAAAs"]
[Fri Aug 29 10:22:03.198716 2025] [:error] [pid 2317388] [client 213.232.87.230:62025] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aLFjK9nUlO8epTaEYYRaQwAAAAs"]
[Fri Aug 29 10:22:03.208787 2025] [:error] [pid 2317386] [client 213.232.87.230:46381] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aLFjK_Fon5kABpD0WTPG-wAAAAk"]
[Fri Aug 29 10:22:03.208914 2025] [:error] [pid 2317386] [client 213.232.87.230:46381] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aLFjK_Fon5kABpD0WTPG-wAAAAk"]
[Fri Aug 29 10:22:03.209063 2025] [:error] [pid 2317386] [client 213.232.87.230:46381] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aLFjK_Fon5kABpD0WTPG-wAAAAk"]
[Fri Aug 29 10:22:03.209224 2025] [:error] [pid 2317386] [client 213.232.87.230:46381] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.svn/wc.db"] [unique_id "aLFjK_Fon5kABpD0WTPG-wAAAAk"]
[Fri Aug 29 10:22:03.220964 2025] [:error] [pid 2317385] [client 213.232.87.230:4825] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aLFjK4A_W3VM80HPNENJBwAAAAg"]
[Fri Aug 29 10:22:03.221142 2025] [:error] [pid 2315264] [client 213.232.87.230:27809] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLFjK43InCD95wSIz1cjxAAAAAA"]
[Fri Aug 29 10:22:03.221191 2025] [:error] [pid 2317385] [client 213.232.87.230:4825] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aLFjK4A_W3VM80HPNENJBwAAAAg"]
[Fri Aug 29 10:22:03.221289 2025] [:error] [pid 2315264] [client 213.232.87.230:27809] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLFjK43InCD95wSIz1cjxAAAAAA"]
[Fri Aug 29 10:22:03.221330 2025] [:error] [pid 2317385] [client 213.232.87.230:4825] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server.key"] [unique_id "aLFjK4A_W3VM80HPNENJBwAAAAg"]
[Fri Aug 29 10:22:03.221430 2025] [:error] [pid 2315264] [client 213.232.87.230:27809] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLFjK43InCD95wSIz1cjxAAAAAA"]
[Fri Aug 29 10:22:03.223574 2025] [authz_core:error] [pid 2317387] [client 213.232.87.230:13691] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Fri Aug 29 10:22:03.267946 2025] [:error] [pid 2316665] [client 213.232.87.230:60705] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aLFjK7qLCTxXjRrLVthKOAAAAAU"]
[Fri Aug 29 10:22:03.268172 2025] [:error] [pid 2316665] [client 213.232.87.230:60705] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aLFjK7qLCTxXjRrLVthKOAAAAAU"]
[Fri Aug 29 10:22:03.268313 2025] [:error] [pid 2316665] [client 213.232.87.230:60705] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/etc/ssl/private/server.key"] [unique_id "aLFjK7qLCTxXjRrLVthKOAAAAAU"]
[Fri Aug 29 10:22:03.294815 2025] [:error] [pid 2315266] [client 213.232.87.230:46677] [client 213.232.87.230] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aLFjKw2suCBlf7H8nreXwgAAAAI"]
[Fri Aug 29 10:22:03.295030 2025] [:error] [pid 2315266] [client 213.232.87.230:46677] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aLFjKw2suCBlf7H8nreXwgAAAAI"]
[Fri Aug 29 10:22:03.295211 2025] [:error] [pid 2315266] [client 213.232.87.230:46677] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aLFjKw2suCBlf7H8nreXwgAAAAI"]
[Fri Aug 29 10:22:03.317349 2025] [:error] [pid 2317386] [client 213.232.87.230:57457] [client 213.232.87.230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aLFjK_Fon5kABpD0WTPG_AAAAAk"]
[Fri Aug 29 10:22:03.317486 2025] [:error] [pid 2317386] [client 213.232.87.230:57457] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aLFjK_Fon5kABpD0WTPG_AAAAAk"]
[Fri Aug 29 10:22:03.317618 2025] [:error] [pid 2317386] [client 213.232.87.230:57457] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aLFjK_Fon5kABpD0WTPG_AAAAAk"]
[Fri Aug 29 10:22:03.337494 2025] [:error] [pid 2315264] [client 213.232.87.230:42535] [client 213.232.87.230] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aLFjK43InCD95wSIz1cjxQAAAAA"]
[Fri Aug 29 10:22:03.337714 2025] [:error] [pid 2315264] [client 213.232.87.230:42535] [client 213.232.87.230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aLFjK43InCD95wSIz1cjxQAAAAA"]
[Fri Aug 29 10:22:03.337862 2025] [:error] [pid 2315264] [client 213.232.87.230:42535] [client 213.232.87.230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aLFjK43InCD95wSIz1cjxQAAAAA"]
[Sat Aug 30 01:37:05.194540 2025] [:error] [pid 2337303] [client 93.123.109.7:57870] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLI5oZMRczH8-R4mpk77qwAAAAQ"]
[Sat Aug 30 01:37:05.195049 2025] [:error] [pid 2337303] [client 93.123.109.7:57870] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLI5oZMRczH8-R4mpk77qwAAAAQ"]
[Sat Aug 30 01:37:05.195230 2025] [:error] [pid 2337303] [client 93.123.109.7:57870] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLI5oZMRczH8-R4mpk77qwAAAAQ"]
[Sun Aug 31 12:33:08.743073 2025] [:error] [pid 2367282] [client 198.55.98.93:33756] [client 198.55.98.93] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLQk5O7j6wy0PDn1JdU37QAAAAY"]
[Sun Aug 31 12:33:08.744252 2025] [:error] [pid 2367282] [client 198.55.98.93:33756] [client 198.55.98.93] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLQk5O7j6wy0PDn1JdU37QAAAAY"]
[Sun Aug 31 12:33:08.744445 2025] [:error] [pid 2367282] [client 198.55.98.93:33756] [client 198.55.98.93] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLQk5O7j6wy0PDn1JdU37QAAAAY"]
[Sun Aug 31 19:30:55.490387 2025] [:error] [pid 2366625] [client 132.145.146.222:56756] [client 132.145.146.222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLSGzxUNq0qrvubbHhQx7gAAAAU"], referer: http://pms.test.indacotrentino.com//.env
[Sun Aug 31 19:30:55.490662 2025] [:error] [pid 2366625] [client 132.145.146.222:56756] [client 132.145.146.222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLSGzxUNq0qrvubbHhQx7gAAAAU"], referer: http://pms.test.indacotrentino.com//.env
[Sun Aug 31 19:30:55.490817 2025] [:error] [pid 2366625] [client 132.145.146.222:56756] [client 132.145.146.222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLSGzxUNq0qrvubbHhQx7gAAAAU"], referer: http://pms.test.indacotrentino.com//.env
[Mon Sep 01 10:14:34.688018 2025] [:error] [pid 2392978] [client 23.180.120.244:39024] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLVV6pvB0P1ETmtquLZtqwAAAAc"]
[Mon Sep 01 10:14:34.688312 2025] [:error] [pid 2392978] [client 23.180.120.244:39024] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLVV6pvB0P1ETmtquLZtqwAAAAc"]
[Mon Sep 01 10:14:34.688486 2025] [:error] [pid 2392978] [client 23.180.120.244:39024] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLVV6pvB0P1ETmtquLZtqwAAAAc"]
[Mon Sep 01 10:14:34.852418 2025] [:error] [pid 2391680] [client 23.180.120.244:39036] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLVV6t3Px5mqa7e6xgULEgAAAAE"]
[Mon Sep 01 10:14:34.852665 2025] [:error] [pid 2391680] [client 23.180.120.244:39036] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLVV6t3Px5mqa7e6xgULEgAAAAE"]
[Mon Sep 01 10:14:34.852824 2025] [:error] [pid 2391680] [client 23.180.120.244:39036] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aLVV6t3Px5mqa7e6xgULEgAAAAE"]
[Mon Sep 01 10:14:35.058605 2025] [:error] [pid 2391681] [client 23.180.120.244:39040] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLVV62ZlcKnuDjvToZkXCgAAAAI"]
[Mon Sep 01 10:14:35.058840 2025] [:error] [pid 2391681] [client 23.180.120.244:39040] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLVV62ZlcKnuDjvToZkXCgAAAAI"]
[Mon Sep 01 10:14:35.059008 2025] [:error] [pid 2391681] [client 23.180.120.244:39040] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aLVV62ZlcKnuDjvToZkXCgAAAAI"]
[Mon Sep 01 10:14:35.208204 2025] [:error] [pid 2391679] [client 23.180.120.244:39054] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLVV64u1PJKJEtIU21bXYQAAAAA"]
[Mon Sep 01 10:14:35.208441 2025] [:error] [pid 2391679] [client 23.180.120.244:39054] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLVV64u1PJKJEtIU21bXYQAAAAA"]
[Mon Sep 01 10:14:35.208615 2025] [:error] [pid 2391679] [client 23.180.120.244:39054] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLVV64u1PJKJEtIU21bXYQAAAAA"]
[Mon Sep 01 10:14:35.489302 2025] [:error] [pid 2391702] [client 23.180.120.244:39058] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aLVV67g3R4XdSvkXlQn1JAAAAAU"]
[Mon Sep 01 10:14:35.489531 2025] [:error] [pid 2391702] [client 23.180.120.244:39058] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aLVV67g3R4XdSvkXlQn1JAAAAAU"]
[Mon Sep 01 10:14:35.489699 2025] [:error] [pid 2391702] [client 23.180.120.244:39058] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aLVV67g3R4XdSvkXlQn1JAAAAAU"]
[Mon Sep 01 10:14:35.665101 2025] [:error] [pid 2392171] [client 23.180.120.244:39060] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLVV6wC7fhEOIMTTa6W3iwAAAAY"]
[Mon Sep 01 10:14:35.665337 2025] [:error] [pid 2392171] [client 23.180.120.244:39060] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLVV6wC7fhEOIMTTa6W3iwAAAAY"]
[Mon Sep 01 10:14:35.665513 2025] [:error] [pid 2392171] [client 23.180.120.244:39060] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aLVV6wC7fhEOIMTTa6W3iwAAAAY"]
[Mon Sep 01 10:14:36.593887 2025] [:error] [pid 2392978] [client 23.180.120.244:39130] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLVV7JvB0P1ETmtquLZtrAAAAAc"]
[Mon Sep 01 10:14:36.594142 2025] [:error] [pid 2392978] [client 23.180.120.244:39130] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLVV7JvB0P1ETmtquLZtrAAAAAc"]
[Mon Sep 01 10:14:36.594316 2025] [:error] [pid 2392978] [client 23.180.120.244:39130] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aLVV7JvB0P1ETmtquLZtrAAAAAc"]
[Mon Sep 01 10:14:36.738822 2025] [:error] [pid 2391680] [client 23.180.120.244:39144] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLVV7N3Px5mqa7e6xgULEwAAAAE"]
[Mon Sep 01 10:14:36.739050 2025] [:error] [pid 2391680] [client 23.180.120.244:39144] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLVV7N3Px5mqa7e6xgULEwAAAAE"]
[Mon Sep 01 10:14:36.739200 2025] [:error] [pid 2391680] [client 23.180.120.244:39144] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aLVV7N3Px5mqa7e6xgULEwAAAAE"]
[Mon Sep 01 10:14:36.932804 2025] [:error] [pid 2391681] [client 23.180.120.244:39158] [client 23.180.120.244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLVV7GZlcKnuDjvToZkXCwAAAAI"]
[Mon Sep 01 10:14:36.933035 2025] [:error] [pid 2391681] [client 23.180.120.244:39158] [client 23.180.120.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLVV7GZlcKnuDjvToZkXCwAAAAI"]
[Mon Sep 01 10:14:36.933216 2025] [:error] [pid 2391681] [client 23.180.120.244:39158] [client 23.180.120.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLVV7GZlcKnuDjvToZkXCwAAAAI"]
[Tue Sep 02 17:31:10.742098 2025] [:error] [pid 2415366] [client 3.140.182.19:55463] [client 3.140.182.19] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aLcNvkwHX7QrTBcxXXE29QAAAAQ"]
[Tue Sep 02 17:31:10.742555 2025] [:error] [pid 2415366] [client 3.140.182.19:55463] [client 3.140.182.19] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aLcNvkwHX7QrTBcxXXE29QAAAAQ"]
[Tue Sep 02 17:31:10.742753 2025] [:error] [pid 2415366] [client 3.140.182.19:55463] [client 3.140.182.19] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aLcNvkwHX7QrTBcxXXE29QAAAAQ"]
[Thu Sep 04 11:35:32.781267 2025] [:error] [pid 2466858] [client 176.65.148.43:57268] [client 176.65.148.43] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLldZMhHBJc5a4FCDeWykAAAAAI"]
[Thu Sep 04 11:35:32.784253 2025] [:error] [pid 2466858] [client 176.65.148.43:57268] [client 176.65.148.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLldZMhHBJc5a4FCDeWykAAAAAI"]
[Thu Sep 04 11:35:32.784434 2025] [:error] [pid 2466858] [client 176.65.148.43:57268] [client 176.65.148.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLldZMhHBJc5a4FCDeWykAAAAAI"]
[Fri Sep 05 12:07:22.309407 2025] [:error] [pid 2493250] [client 194.233.80.217:63593] [client 194.233.80.217] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2WiTJqtUiKB43SURgLQAAAAY"], referer: http://pms.test.indacotrentino.com/sftp-config.json
[Fri Sep 05 12:07:22.309660 2025] [:error] [pid 2493250] [client 194.233.80.217:63593] [client 194.233.80.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2WiTJqtUiKB43SURgLQAAAAY"], referer: http://pms.test.indacotrentino.com/sftp-config.json
[Fri Sep 05 12:07:22.309848 2025] [:error] [pid 2493250] [client 194.233.80.217:63593] [client 194.233.80.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2WiTJqtUiKB43SURgLQAAAAY"], referer: http://pms.test.indacotrentino.com/sftp-config.json
[Fri Sep 05 12:07:22.332415 2025] [:error] [pid 2491887] [client 194.233.80.217:57192] [client 194.233.80.217] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /prevlaravel/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2WqRNJdevni-wfxFOjgAAAAI"], referer: http://pms.test.indacotrentino.com/prevlaravel/sftp-config.json
[Fri Sep 05 12:07:22.332632 2025] [:error] [pid 2491887] [client 194.233.80.217:57192] [client 194.233.80.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2WqRNJdevni-wfxFOjgAAAAI"], referer: http://pms.test.indacotrentino.com/prevlaravel/sftp-config.json
[Fri Sep 05 12:07:22.332781 2025] [:error] [pid 2491887] [client 194.233.80.217:57192] [client 194.233.80.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2WqRNJdevni-wfxFOjgAAAAI"], referer: http://pms.test.indacotrentino.com/prevlaravel/sftp-config.json
[Fri Sep 05 12:07:23.191311 2025] [:error] [pid 2491888] [client 194.233.80.217:54596] [client 194.233.80.217] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /prevlaravel/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2W5_VBYeInBKbOsRkXwAAAAM"]
[Fri Sep 05 12:07:23.191558 2025] [:error] [pid 2491888] [client 194.233.80.217:54596] [client 194.233.80.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2W5_VBYeInBKbOsRkXwAAAAM"]
[Fri Sep 05 12:07:23.191706 2025] [:error] [pid 2491888] [client 194.233.80.217:54596] [client 194.233.80.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prevlaravel/sftp-config.json"] [unique_id "aLq2W5_VBYeInBKbOsRkXwAAAAM"]
[Fri Sep 05 12:07:23.192381 2025] [:error] [pid 2491889] [client 194.233.80.217:52099] [client 194.233.80.217] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2W-l5cxues8SNd26ANwAAAAQ"]
[Fri Sep 05 12:07:23.192529 2025] [:error] [pid 2491889] [client 194.233.80.217:52099] [client 194.233.80.217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2W-l5cxues8SNd26ANwAAAAQ"]
[Fri Sep 05 12:07:23.192672 2025] [:error] [pid 2491889] [client 194.233.80.217:52099] [client 194.233.80.217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sftp-config.json"] [unique_id "aLq2W-l5cxues8SNd26ANwAAAAQ"]
[Fri Sep 05 13:55:00.969561 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLrPlGcf05t5foPUZx319gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:00.969831 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLrPlGcf05t5foPUZx319gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:00.969998 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aLrPlGcf05t5foPUZx319gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.194510 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aLrPlWcf05t5foPUZx31-gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.194779 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aLrPlWcf05t5foPUZx31-gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.194968 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aLrPlWcf05t5foPUZx31-gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.254334 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aLrPlWcf05t5foPUZx31-wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.254650 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aLrPlWcf05t5foPUZx31-wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.254833 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aLrPlWcf05t5foPUZx31-wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.311607 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_AAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.311851 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_AAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.312019 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_AAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.365764 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_QAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.366008 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_QAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.366196 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aLrPlWcf05t5foPUZx31_QAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.421287 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aLrPlWcf05t5foPUZx31_gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.421534 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aLrPlWcf05t5foPUZx31_gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.421709 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aLrPlWcf05t5foPUZx31_gAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.487374 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aLrPlWcf05t5foPUZx31_wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.487623 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aLrPlWcf05t5foPUZx31_wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.487793 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aLrPlWcf05t5foPUZx31_wAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.541604 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32AAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.541859 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32AAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.542049 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32AAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.597442 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aLrPlWcf05t5foPUZx32AQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.597694 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aLrPlWcf05t5foPUZx32AQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.597884 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aLrPlWcf05t5foPUZx32AQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.651802 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aLrPlWcf05t5foPUZx32AgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.652067 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aLrPlWcf05t5foPUZx32AgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.652258 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aLrPlWcf05t5foPUZx32AgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.707129 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aLrPlWcf05t5foPUZx32AwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.707408 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aLrPlWcf05t5foPUZx32AwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.707595 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aLrPlWcf05t5foPUZx32AwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.762199 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aLrPlWcf05t5foPUZx32BAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.762482 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aLrPlWcf05t5foPUZx32BAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.762668 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aLrPlWcf05t5foPUZx32BAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.820861 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32BQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.821113 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32BQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.821300 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aLrPlWcf05t5foPUZx32BQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.876289 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aLrPlWcf05t5foPUZx32BgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.876543 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aLrPlWcf05t5foPUZx32BgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.876729 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aLrPlWcf05t5foPUZx32BgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.931431 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aLrPlWcf05t5foPUZx32BwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.931691 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aLrPlWcf05t5foPUZx32BwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.931892 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aLrPlWcf05t5foPUZx32BwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.989770 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aLrPlWcf05t5foPUZx32CAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.990032 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aLrPlWcf05t5foPUZx32CAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:01.990231 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aLrPlWcf05t5foPUZx32CAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.044780 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aLrPlmcf05t5foPUZx32CQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.045048 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aLrPlmcf05t5foPUZx32CQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.045248 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aLrPlmcf05t5foPUZx32CQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.099424 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLrPlmcf05t5foPUZx32CgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.099708 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLrPlmcf05t5foPUZx32CgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.099907 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aLrPlmcf05t5foPUZx32CgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.155134 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aLrPlmcf05t5foPUZx32CwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.155405 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aLrPlmcf05t5foPUZx32CwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.155621 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aLrPlmcf05t5foPUZx32CwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.211446 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aLrPlmcf05t5foPUZx32DAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.211714 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aLrPlmcf05t5foPUZx32DAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.211908 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aLrPlmcf05t5foPUZx32DAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.266116 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aLrPlmcf05t5foPUZx32DQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.266388 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aLrPlmcf05t5foPUZx32DQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.266564 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aLrPlmcf05t5foPUZx32DQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.321142 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLrPlmcf05t5foPUZx32DgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.321394 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLrPlmcf05t5foPUZx32DgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.321557 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aLrPlmcf05t5foPUZx32DgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.375387 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aLrPlmcf05t5foPUZx32DwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.375669 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aLrPlmcf05t5foPUZx32DwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.375843 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aLrPlmcf05t5foPUZx32DwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.431875 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aLrPlmcf05t5foPUZx32EAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.432138 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aLrPlmcf05t5foPUZx32EAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.432317 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aLrPlmcf05t5foPUZx32EAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.488927 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aLrPlmcf05t5foPUZx32EQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.489174 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aLrPlmcf05t5foPUZx32EQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.489344 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aLrPlmcf05t5foPUZx32EQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.543380 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aLrPlmcf05t5foPUZx32EgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.543646 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aLrPlmcf05t5foPUZx32EgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.543825 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aLrPlmcf05t5foPUZx32EgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.598168 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aLrPlmcf05t5foPUZx32EwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.598446 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aLrPlmcf05t5foPUZx32EwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.598633 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aLrPlmcf05t5foPUZx32EwAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.653597 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aLrPlmcf05t5foPUZx32FAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.653851 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aLrPlmcf05t5foPUZx32FAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.654020 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aLrPlmcf05t5foPUZx32FAAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.708698 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aLrPlmcf05t5foPUZx32FQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.708946 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aLrPlmcf05t5foPUZx32FQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.709108 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aLrPlmcf05t5foPUZx32FQAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.763536 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aLrPlmcf05t5foPUZx32FgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.763785 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aLrPlmcf05t5foPUZx32FgAAAAk"], referer: https://www.google.com/
[Fri Sep 05 13:55:02.763952 2025] [:error] [pid 2495324] [client 35.180.191.10:40880] [client 35.180.191.10] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aLrPlmcf05t5foPUZx32FgAAAAk"], referer: https://www.google.com/
[Sat Sep 06 21:03:36.833360 2025] [:error] [pid 2516674] [client 138.197.113.158:59190] [client 138.197.113.158] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLyFiJuQgqswfhi5vNCS5QAAAAE"]
[Sat Sep 06 21:03:36.833635 2025] [:error] [pid 2516674] [client 138.197.113.158:59190] [client 138.197.113.158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLyFiJuQgqswfhi5vNCS5QAAAAE"]
[Sat Sep 06 21:03:36.833814 2025] [:error] [pid 2516674] [client 138.197.113.158:59190] [client 138.197.113.158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aLyFiJuQgqswfhi5vNCS5QAAAAE"]
[Sun Sep 07 15:01:16.702172 2025] [:error] [pid 2543900] [client 93.123.109.214:46074] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL2CHNF_QkkF-5QUXQITLQAAAAg"]
[Sun Sep 07 15:01:16.702524 2025] [:error] [pid 2543900] [client 93.123.109.214:46074] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL2CHNF_QkkF-5QUXQITLQAAAAg"]
[Sun Sep 07 15:01:16.702713 2025] [:error] [pid 2543900] [client 93.123.109.214:46074] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL2CHNF_QkkF-5QUXQITLQAAAAg"]
[Sun Sep 07 15:01:16.858241 2025] [:error] [pid 2541669] [client 93.123.109.214:46080] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL2CHPljQM4mKxiCNXTzGwAAAAM"]
[Sun Sep 07 15:01:16.858653 2025] [:error] [pid 2541669] [client 93.123.109.214:46080] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL2CHPljQM4mKxiCNXTzGwAAAAM"]
[Sun Sep 07 15:01:16.858906 2025] [:error] [pid 2541669] [client 93.123.109.214:46080] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL2CHPljQM4mKxiCNXTzGwAAAAM"]
[Sun Sep 07 15:01:17.025064 2025] [:error] [pid 2541668] [client 93.123.109.214:46084] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL2CHeKBbWqSCLxiEDzaWQAAAAI"]
[Sun Sep 07 15:01:17.025310 2025] [:error] [pid 2541668] [client 93.123.109.214:46084] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL2CHeKBbWqSCLxiEDzaWQAAAAI"]
[Sun Sep 07 15:01:17.025503 2025] [:error] [pid 2541668] [client 93.123.109.214:46084] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL2CHeKBbWqSCLxiEDzaWQAAAAI"]
[Sun Sep 07 15:01:17.165049 2025] [:error] [pid 2541670] [client 93.123.109.214:46092] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL2CHYboWsW1RLB4eXifZAAAAAQ"]
[Sun Sep 07 15:01:17.165286 2025] [:error] [pid 2541670] [client 93.123.109.214:46092] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL2CHYboWsW1RLB4eXifZAAAAAQ"]
[Sun Sep 07 15:01:17.165456 2025] [:error] [pid 2541670] [client 93.123.109.214:46092] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL2CHYboWsW1RLB4eXifZAAAAAQ"]
[Sun Sep 07 15:01:17.290923 2025] [:error] [pid 2552557] [client 93.123.109.214:46102] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL2CHScSmhSCSHiJdkiaYwAAAAs"]
[Sun Sep 07 15:01:17.291161 2025] [:error] [pid 2552557] [client 93.123.109.214:46102] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL2CHScSmhSCSHiJdkiaYwAAAAs"]
[Sun Sep 07 15:01:17.291342 2025] [:error] [pid 2552557] [client 93.123.109.214:46102] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL2CHScSmhSCSHiJdkiaYwAAAAs"]
[Sun Sep 07 15:01:17.405860 2025] [:error] [pid 2552558] [client 93.123.109.214:46116] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL2CHUFu5ZsGRj6Cs1t26AAAAAw"]
[Sun Sep 07 15:01:17.406102 2025] [:error] [pid 2552558] [client 93.123.109.214:46116] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL2CHUFu5ZsGRj6Cs1t26AAAAAw"]
[Sun Sep 07 15:01:17.406271 2025] [:error] [pid 2552558] [client 93.123.109.214:46116] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL2CHUFu5ZsGRj6Cs1t26AAAAAw"]
[Sun Sep 07 15:01:18.015216 2025] [:error] [pid 2543900] [client 93.123.109.214:46174] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL2CHtF_QkkF-5QUXQITLgAAAAg"]
[Sun Sep 07 15:01:18.015446 2025] [:error] [pid 2543900] [client 93.123.109.214:46174] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL2CHtF_QkkF-5QUXQITLgAAAAg"]
[Sun Sep 07 15:01:18.015622 2025] [:error] [pid 2543900] [client 93.123.109.214:46174] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL2CHtF_QkkF-5QUXQITLgAAAAg"]
[Sun Sep 07 15:01:18.125341 2025] [:error] [pid 2541669] [client 93.123.109.214:46190] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL2CHvljQM4mKxiCNXTzHAAAAAM"]
[Sun Sep 07 15:01:18.126799 2025] [:error] [pid 2541669] [client 93.123.109.214:46190] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL2CHvljQM4mKxiCNXTzHAAAAAM"]
[Sun Sep 07 15:01:18.126968 2025] [:error] [pid 2541669] [client 93.123.109.214:46190] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL2CHvljQM4mKxiCNXTzHAAAAAM"]
[Sun Sep 07 15:01:18.233129 2025] [:error] [pid 2541668] [client 93.123.109.214:46202] [client 93.123.109.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL2CHuKBbWqSCLxiEDzaWgAAAAI"]
[Sun Sep 07 15:01:18.233365 2025] [:error] [pid 2541668] [client 93.123.109.214:46202] [client 93.123.109.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL2CHuKBbWqSCLxiEDzaWgAAAAI"]
[Sun Sep 07 15:01:18.233528 2025] [:error] [pid 2541668] [client 93.123.109.214:46202] [client 93.123.109.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL2CHuKBbWqSCLxiEDzaWgAAAAI"]
[Sun Sep 07 23:17:43.434235 2025] [:error] [pid 2558733] [client 195.178.110.161:38580] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL32d1L4ZeA6zaNplnWANAAAAAU"]
[Sun Sep 07 23:17:43.434596 2025] [:error] [pid 2558733] [client 195.178.110.161:38580] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL32d1L4ZeA6zaNplnWANAAAAAU"]
[Sun Sep 07 23:17:43.434770 2025] [:error] [pid 2558733] [client 195.178.110.161:38580] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL32d1L4ZeA6zaNplnWANAAAAAU"]
[Sun Sep 07 23:17:43.725998 2025] [:error] [pid 2558732] [client 195.178.110.161:38594] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL32d7zw3A9eipeGMzqFlwAAAAI"]
[Sun Sep 07 23:17:43.726245 2025] [:error] [pid 2558732] [client 195.178.110.161:38594] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL32d7zw3A9eipeGMzqFlwAAAAI"]
[Sun Sep 07 23:17:43.726464 2025] [:error] [pid 2558732] [client 195.178.110.161:38594] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aL32d7zw3A9eipeGMzqFlwAAAAI"]
[Sun Sep 07 23:17:43.970174 2025] [:error] [pid 2558695] [client 195.178.110.161:38598] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL32d4qASZu6lu3oNUPQaQAAAAQ"]
[Sun Sep 07 23:17:43.970441 2025] [:error] [pid 2558695] [client 195.178.110.161:38598] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL32d4qASZu6lu3oNUPQaQAAAAQ"]
[Sun Sep 07 23:17:43.970621 2025] [:error] [pid 2558695] [client 195.178.110.161:38598] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aL32d4qASZu6lu3oNUPQaQAAAAQ"]
[Sun Sep 07 23:17:44.312198 2025] [:error] [pid 2558698] [client 195.178.110.161:38612] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL32ePZF_w7_3ZcmXF2qggAAAB8"]
[Sun Sep 07 23:17:44.312434 2025] [:error] [pid 2558698] [client 195.178.110.161:38612] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL32ePZF_w7_3ZcmXF2qggAAAB8"]
[Sun Sep 07 23:17:44.312624 2025] [:error] [pid 2558698] [client 195.178.110.161:38612] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aL32ePZF_w7_3ZcmXF2qggAAAB8"]
[Sun Sep 07 23:17:44.627551 2025] [:error] [pid 2558734] [client 195.178.110.161:38626] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL32eDTF-BMHlL8UJ5ThFwAAAAY"]
[Sun Sep 07 23:17:44.627797 2025] [:error] [pid 2558734] [client 195.178.110.161:38626] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL32eDTF-BMHlL8UJ5ThFwAAAAY"]
[Sun Sep 07 23:17:44.628033 2025] [:error] [pid 2558734] [client 195.178.110.161:38626] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aL32eDTF-BMHlL8UJ5ThFwAAAAY"]
[Sun Sep 07 23:17:44.960467 2025] [:error] [pid 2558735] [client 195.178.110.161:38632] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL32eHO8WCoQXZ-CMQV7jgAAAAc"]
[Sun Sep 07 23:17:44.960704 2025] [:error] [pid 2558735] [client 195.178.110.161:38632] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL32eHO8WCoQXZ-CMQV7jgAAAAc"]
[Sun Sep 07 23:17:44.960868 2025] [:error] [pid 2558735] [client 195.178.110.161:38632] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aL32eHO8WCoQXZ-CMQV7jgAAAAc"]
[Sun Sep 07 23:18:06.149569 2025] [:error] [pid 2558733] [client 195.178.110.161:35746] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL32jlL4ZeA6zaNplnWANQAAAAU"]
[Sun Sep 07 23:18:06.149813 2025] [:error] [pid 2558733] [client 195.178.110.161:35746] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL32jlL4ZeA6zaNplnWANQAAAAU"]
[Sun Sep 07 23:18:06.149969 2025] [:error] [pid 2558733] [client 195.178.110.161:35746] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aL32jlL4ZeA6zaNplnWANQAAAAU"]
[Sun Sep 07 23:18:11.383377 2025] [:error] [pid 2558732] [client 195.178.110.161:46164] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL32k7zw3A9eipeGMzqFmAAAAAI"]
[Sun Sep 07 23:18:11.383615 2025] [:error] [pid 2558732] [client 195.178.110.161:46164] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL32k7zw3A9eipeGMzqFmAAAAAI"]
[Sun Sep 07 23:18:11.383800 2025] [:error] [pid 2558732] [client 195.178.110.161:46164] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aL32k7zw3A9eipeGMzqFmAAAAAI"]
[Sun Sep 07 23:18:11.628125 2025] [:error] [pid 2558695] [client 195.178.110.161:46168] [client 195.178.110.161] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL32k4qASZu6lu3oNUPQagAAAAQ"]
[Sun Sep 07 23:18:11.628370 2025] [:error] [pid 2558695] [client 195.178.110.161:46168] [client 195.178.110.161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL32k4qASZu6lu3oNUPQagAAAAQ"]
[Sun Sep 07 23:18:11.628534 2025] [:error] [pid 2558695] [client 195.178.110.161:46168] [client 195.178.110.161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aL32k4qASZu6lu3oNUPQagAAAAQ"]
[Mon Sep 08 09:45:54.898993 2025] [:error] [pid 2571308] [client 18.224.192.118:39201] [client 18.224.192.118] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aL6Jsgvr-6_cS0Q7j5GyzgAAAAE"]
[Mon Sep 08 09:45:54.899409 2025] [:error] [pid 2571308] [client 18.224.192.118:39201] [client 18.224.192.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aL6Jsgvr-6_cS0Q7j5GyzgAAAAE"]
[Mon Sep 08 09:45:54.899604 2025] [:error] [pid 2571308] [client 18.224.192.118:39201] [client 18.224.192.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aL6Jsgvr-6_cS0Q7j5GyzgAAAAE"]
[Mon Sep 08 20:53:47.337666 2025] [:error] [pid 2584526] [client 45.139.104.170:36962] [client 45.139.104.170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL8mO6MPaAiKSrcwjxELqAAAAAA"]
[Mon Sep 08 20:53:47.337989 2025] [:error] [pid 2584526] [client 45.139.104.170:36962] [client 45.139.104.170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL8mO6MPaAiKSrcwjxELqAAAAAA"]
[Mon Sep 08 20:53:47.338170 2025] [:error] [pid 2584526] [client 45.139.104.170:36962] [client 45.139.104.170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aL8mO6MPaAiKSrcwjxELqAAAAAA"]
[Tue Sep 09 15:05:01.142387 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxIwAAAAc"]
[Tue Sep 09 15:05:01.142591 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxIwAAAAc"]
[Tue Sep 09 15:05:01.142782 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxIwAAAAc"]
[Tue Sep 09 15:05:01.239581 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aMAl_VSrOgbtr_HnXCKxJAAAAAc"]
[Tue Sep 09 15:05:01.239781 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aMAl_VSrOgbtr_HnXCKxJAAAAAc"]
[Tue Sep 09 15:05:01.239968 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aMAl_VSrOgbtr_HnXCKxJAAAAAc"]
[Tue Sep 09 15:05:01.336805 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aMAl_VSrOgbtr_HnXCKxJQAAAAc"]
[Tue Sep 09 15:05:01.337013 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aMAl_VSrOgbtr_HnXCKxJQAAAAc"]
[Tue Sep 09 15:05:01.337203 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aMAl_VSrOgbtr_HnXCKxJQAAAAc"]
[Tue Sep 09 15:05:01.532509 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp-content/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxJwAAAAc"]
[Tue Sep 09 15:05:01.532727 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxJwAAAAc"]
[Tue Sep 09 15:05:01.532925 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-content/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxJwAAAAc"]
[Tue Sep 09 15:05:01.629717 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMAl_VSrOgbtr_HnXCKxKAAAAAc"]
[Tue Sep 09 15:05:01.629933 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMAl_VSrOgbtr_HnXCKxKAAAAAc"]
[Tue Sep 09 15:05:01.630117 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMAl_VSrOgbtr_HnXCKxKAAAAAc"]
[Tue Sep 09 15:05:01.727097 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKQAAAAc"]
[Tue Sep 09 15:05:01.727312 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKQAAAAc"]
[Tue Sep 09 15:05:01.727498 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKQAAAAc"]
[Tue Sep 09 15:05:01.824472 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKgAAAAc"]
[Tue Sep 09 15:05:01.824670 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKgAAAAc"]
[Tue Sep 09 15:05:01.824840 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKgAAAAc"]
[Tue Sep 09 15:05:01.921574 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKwAAAAc"]
[Tue Sep 09 15:05:01.921770 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKwAAAAc"]
[Tue Sep 09 15:05:01.921939 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aMAl_VSrOgbtr_HnXCKxKwAAAAc"]
[Tue Sep 09 15:05:02.018952 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLAAAAAc"]
[Tue Sep 09 15:05:02.019185 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLAAAAAc"]
[Tue Sep 09 15:05:02.019373 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLAAAAAc"]
[Tue Sep 09 15:05:02.240089 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLgAAAAc"]
[Tue Sep 09 15:05:02.240306 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLgAAAAc"]
[Tue Sep 09 15:05:02.240514 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLgAAAAc"]
[Tue Sep 09 15:05:02.343904 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /library/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLwAAAAc"]
[Tue Sep 09 15:05:02.344202 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLwAAAAc"]
[Tue Sep 09 15:05:02.344445 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/library/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxLwAAAAc"]
[Tue Sep 09 15:05:02.441758 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nextjs-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMAAAAAc"]
[Tue Sep 09 15:05:02.442052 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMAAAAAc"]
[Tue Sep 09 15:05:02.442316 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nextjs-app/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMAAAAAc"]
[Tue Sep 09 15:05:02.539267 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMQAAAAc"]
[Tue Sep 09 15:05:02.539483 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMQAAAAc"]
[Tue Sep 09 15:05:02.539656 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/node-api/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMQAAAAc"]
[Tue Sep 09 15:05:02.636878 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMgAAAAc"]
[Tue Sep 09 15:05:02.637084 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMgAAAAc"]
[Tue Sep 09 15:05:02.637287 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxMgAAAAc"]
[Tue Sep 09 15:05:02.734281 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aMAl_lSrOgbtr_HnXCKxMwAAAAc"]
[Tue Sep 09 15:05:02.734536 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aMAl_lSrOgbtr_HnXCKxMwAAAAc"]
[Tue Sep 09 15:05:02.734727 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aMAl_lSrOgbtr_HnXCKxMwAAAAc"]
[Tue Sep 09 15:05:02.831574 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /myproject/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxNAAAAAc"]
[Tue Sep 09 15:05:02.831781 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxNAAAAAc"]
[Tue Sep 09 15:05:02.831961 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/myproject/.env"] [unique_id "aMAl_lSrOgbtr_HnXCKxNAAAAAc"]
[Tue Sep 09 15:05:02.930210 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.envs/.production/.django"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aMAl_lSrOgbtr_HnXCKxNQAAAAc"]
[Tue Sep 09 15:05:02.930461 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aMAl_lSrOgbtr_HnXCKxNQAAAAc"]
[Tue Sep 09 15:05:02.930644 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.envs/.production/.django"] [unique_id "aMAl_lSrOgbtr_HnXCKxNQAAAAc"]
[Tue Sep 09 15:05:03.027401 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aMAl_1SrOgbtr_HnXCKxNgAAAAc"]
[Tue Sep 09 15:05:03.027597 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aMAl_1SrOgbtr_HnXCKxNgAAAAc"]
[Tue Sep 09 15:05:03.027760 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env"] [unique_id "aMAl_1SrOgbtr_HnXCKxNgAAAAc"]
[Tue Sep 09 15:05:03.125075 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react-app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aMAl_1SrOgbtr_HnXCKxNwAAAAc"]
[Tue Sep 09 15:05:03.125279 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aMAl_1SrOgbtr_HnXCKxNwAAAAc"]
[Tue Sep 09 15:05:03.125498 2025] [:error] [pid 2595931] [client 54.82.1.127:62751] [client 54.82.1.127] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/react-app/.env.production"] [unique_id "aMAl_1SrOgbtr_HnXCKxNwAAAAc"]
[Wed Sep 10 09:48:13.144836 2025] [:error] [pid 2617022] [client 93.123.109.7:60944] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMEtPR5e1iLGGHbQEhX6qAAAAAY"]
[Wed Sep 10 09:48:13.145156 2025] [:error] [pid 2617022] [client 93.123.109.7:60944] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMEtPR5e1iLGGHbQEhX6qAAAAAY"]
[Wed Sep 10 09:48:13.145309 2025] [:error] [pid 2617022] [client 93.123.109.7:60944] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMEtPR5e1iLGGHbQEhX6qAAAAAY"]
[Thu Sep 11 14:10:47.843892 2025] [:error] [pid 2641808] [client 68.183.146.153:45010] [client 68.183.146.153] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMK8RzP-zgEHfk85WOuzcgAAAAI"]
[Thu Sep 11 14:10:47.846152 2025] [:error] [pid 2641808] [client 68.183.146.153:45010] [client 68.183.146.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMK8RzP-zgEHfk85WOuzcgAAAAI"]
[Thu Sep 11 14:10:47.846335 2025] [:error] [pid 2641808] [client 68.183.146.153:45010] [client 68.183.146.153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMK8RzP-zgEHfk85WOuzcgAAAAI"]
[Sat Sep 13 01:35:01.133547 2025] [:error] [pid 2688442] [client 176.65.148.43:55488] [client 176.65.148.43] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMSuJeoxPDI9NHFCBOuQvgAAAAo"]
[Sat Sep 13 01:35:01.134568 2025] [:error] [pid 2688442] [client 176.65.148.43:55488] [client 176.65.148.43] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMSuJeoxPDI9NHFCBOuQvgAAAAo"]
[Sat Sep 13 01:35:01.134752 2025] [:error] [pid 2688442] [client 176.65.148.43:55488] [client 176.65.148.43] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aMSuJeoxPDI9NHFCBOuQvgAAAAo"]
[Sun Sep 14 20:50:14.829662 2025] [:error] [pid 2717410] [client 18.224.192.118:44307] [client 18.224.192.118] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aMcOZmAU4eyHqXvSYJg4XAAAAAA"]
[Sun Sep 14 20:50:14.831037 2025] [:error] [pid 2717410] [client 18.224.192.118:44307] [client 18.224.192.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aMcOZmAU4eyHqXvSYJg4XAAAAAA"]
[Sun Sep 14 20:50:14.831234 2025] [:error] [pid 2717410] [client 18.224.192.118:44307] [client 18.224.192.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aMcOZmAU4eyHqXvSYJg4XAAAAAA"]
[Wed Sep 17 07:39:07.295249 2025] [:error] [pid 2791277] [client 44.200.14.106:56888] [client 44.200.14.106] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMpJe90GOlCa33tIsQpwNwAAAAI"]
[Wed Sep 17 07:39:07.297264 2025] [:error] [pid 2791277] [client 44.200.14.106:56888] [client 44.200.14.106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMpJe90GOlCa33tIsQpwNwAAAAI"]
[Wed Sep 17 07:39:07.297456 2025] [:error] [pid 2791277] [client 44.200.14.106:56888] [client 44.200.14.106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aMpJe90GOlCa33tIsQpwNwAAAAI"]
[Fri Sep 19 12:23:44.318110 2025] [:error] [pid 2852277] [client 45.139.104.204:43416] [client 45.139.104.204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM0vMLTPWd-ygSM77xHlGAAAABE"]
[Fri Sep 19 12:23:44.320386 2025] [:error] [pid 2852277] [client 45.139.104.204:43416] [client 45.139.104.204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM0vMLTPWd-ygSM77xHlGAAAABE"]
[Fri Sep 19 12:23:44.320556 2025] [:error] [pid 2852277] [client 45.139.104.204:43416] [client 45.139.104.204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM0vMLTPWd-ygSM77xHlGAAAABE"]
[Sat Sep 20 07:31:00.962127 2025] [:error] [pid 2867880] [client 45.148.10.157:52830] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48FEW3VGRkhouZ08DpRQAAAAc"]
[Sat Sep 20 07:31:00.962371 2025] [:error] [pid 2867880] [client 45.148.10.157:52830] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48FEW3VGRkhouZ08DpRQAAAAc"]
[Sat Sep 20 07:31:00.962562 2025] [:error] [pid 2867880] [client 45.148.10.157:52830] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48FEW3VGRkhouZ08DpRQAAAAc"]
[Sat Sep 20 07:31:06.814129 2025] [:error] [pid 2867879] [client 45.148.10.157:35428] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48GqdIZRGAnqD1a0DOwgAAAAY"]
[Sat Sep 20 07:31:06.814390 2025] [:error] [pid 2867879] [client 45.148.10.157:35428] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48GqdIZRGAnqD1a0DOwgAAAAY"]
[Sat Sep 20 07:31:06.815102 2025] [:error] [pid 2867879] [client 45.148.10.157:35428] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aM48GqdIZRGAnqD1a0DOwgAAAAY"]
[Sat Sep 20 07:31:48.077657 2025] [:error] [pid 2867836] [client 45.148.10.157:36516] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48RN23j7fe40XI1-oidAAAAAI"]
[Sat Sep 20 07:31:48.077901 2025] [:error] [pid 2867836] [client 45.148.10.157:36516] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48RN23j7fe40XI1-oidAAAAAI"]
[Sat Sep 20 07:31:48.078062 2025] [:error] [pid 2867836] [client 45.148.10.157:36516] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48RN23j7fe40XI1-oidAAAAAI"]
[Sat Sep 20 07:31:53.645240 2025] [:error] [pid 2867834] [client 45.148.10.157:50310] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48SfIJPWoR2rp3y-lEqQAAAAA"]
[Sat Sep 20 07:31:53.645489 2025] [:error] [pid 2867834] [client 45.148.10.157:50310] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48SfIJPWoR2rp3y-lEqQAAAAA"]
[Sat Sep 20 07:31:53.645667 2025] [:error] [pid 2867834] [client 45.148.10.157:50310] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aM48SfIJPWoR2rp3y-lEqQAAAAA"]
[Sat Sep 20 07:31:56.672810 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2QAAAAQ"]
[Sat Sep 20 07:31:56.673188 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2QAAAAQ"]
[Sat Sep 20 07:31:56.673456 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2QAAAAQ"]
[Sat Sep 20 07:31:56.698165 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2gAAAAQ"]
[Sat Sep 20 07:31:56.698438 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2gAAAAQ"]
[Sat Sep 20 07:31:56.698633 2025] [:error] [pid 2867838] [client 45.148.10.157:50316] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aM48THvfo_1mV5C9QU3Z2gAAAAQ"]
[Sat Sep 20 07:31:56.857972 2025] [:error] [pid 2867837] [client 45.148.10.157:50322] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aM48TBWoV8GvGoZiBq3WpgAAAAM"]
[Sat Sep 20 07:31:56.858207 2025] [:error] [pid 2867837] [client 45.148.10.157:50322] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aM48TBWoV8GvGoZiBq3WpgAAAAM"]
[Sat Sep 20 07:31:56.858412 2025] [:error] [pid 2867837] [client 45.148.10.157:50322] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aM48TBWoV8GvGoZiBq3WpgAAAAM"]
[Sat Sep 20 07:31:56.927188 2025] [:error] [pid 2871947] [client 45.148.10.157:50338] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM48TE9ZCrSFbu-il1n8qwAAAAk"]
[Sat Sep 20 07:31:56.927449 2025] [:error] [pid 2871947] [client 45.148.10.157:50338] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM48TE9ZCrSFbu-il1n8qwAAAAk"]
[Sat Sep 20 07:31:56.927634 2025] [:error] [pid 2871947] [client 45.148.10.157:50338] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aM48TE9ZCrSFbu-il1n8qwAAAAk"]
[Sat Sep 20 07:31:57.000860 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aM48TK3RNP9eqEvJAdCb4wAAAAg"]
[Sat Sep 20 07:31:57.001087 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aM48TK3RNP9eqEvJAdCb4wAAAAg"]
[Sat Sep 20 07:31:57.001897 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aM48TK3RNP9eqEvJAdCb4wAAAAg"]
[Sat Sep 20 07:31:57.024040 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aM48Ta3RNP9eqEvJAdCb5AAAAAg"]
[Sat Sep 20 07:31:57.024258 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aM48Ta3RNP9eqEvJAdCb5AAAAAg"]
[Sat Sep 20 07:31:57.024431 2025] [:error] [pid 2867898] [client 45.148.10.157:50352] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aM48Ta3RNP9eqEvJAdCb5AAAAAg"]
[Sat Sep 20 07:32:01.409480 2025] [:error] [pid 2867836] [client 45.148.10.157:50360] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48Ud23j7fe40XI1-oidQAAAAI"]
[Sat Sep 20 07:32:01.409711 2025] [:error] [pid 2867836] [client 45.148.10.157:50360] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48Ud23j7fe40XI1-oidQAAAAI"]
[Sat Sep 20 07:32:01.409901 2025] [:error] [pid 2867836] [client 45.148.10.157:50360] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48Ud23j7fe40XI1-oidQAAAAI"]
[Sat Sep 20 07:32:15.012925 2025] [:error] [pid 2872147] [client 45.148.10.157:48420] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48X14fVdTvLkSBX-4o3gAAAAw"]
[Sat Sep 20 07:32:15.013195 2025] [:error] [pid 2872147] [client 45.148.10.157:48420] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48X14fVdTvLkSBX-4o3gAAAAw"]
[Sat Sep 20 07:32:15.013381 2025] [:error] [pid 2872147] [client 45.148.10.157:48420] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aM48X14fVdTvLkSBX-4o3gAAAAw"]
[Sat Sep 20 07:32:24.377387 2025] [:error] [pid 2867834] [client 45.148.10.157:33296] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48aPIJPWoR2rp3y-lEqgAAAAA"]
[Sat Sep 20 07:32:24.377630 2025] [:error] [pid 2867834] [client 45.148.10.157:33296] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48aPIJPWoR2rp3y-lEqgAAAAA"]
[Sat Sep 20 07:32:24.377815 2025] [:error] [pid 2867834] [client 45.148.10.157:33296] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48aPIJPWoR2rp3y-lEqgAAAAA"]
[Sat Sep 20 07:32:32.377863 2025] [:error] [pid 2867837] [client 45.148.10.157:33302] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48cBWoV8GvGoZiBq3WpwAAAAM"]
[Sat Sep 20 07:32:32.378099 2025] [:error] [pid 2867837] [client 45.148.10.157:33302] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48cBWoV8GvGoZiBq3WpwAAAAM"]
[Sat Sep 20 07:32:32.378285 2025] [:error] [pid 2867837] [client 45.148.10.157:33302] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48cBWoV8GvGoZiBq3WpwAAAAM"]
[Sat Sep 20 07:32:38.381847 2025] [:error] [pid 2867898] [client 45.148.10.157:35876] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48dq3RNP9eqEvJAdCb5QAAAAg"]
[Sat Sep 20 07:32:38.382104 2025] [:error] [pid 2867898] [client 45.148.10.157:35876] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48dq3RNP9eqEvJAdCb5QAAAAg"]
[Sat Sep 20 07:32:38.382286 2025] [:error] [pid 2867898] [client 45.148.10.157:35876] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.staging"] [unique_id "aM48dq3RNP9eqEvJAdCb5QAAAAg"]
[Sat Sep 20 07:35:06.125503 2025] [:error] [pid 2867834] [client 45.148.10.157:43882] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /awstats/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aM49CvIJPWoR2rp3y-lEqwAAAAA"]
[Sat Sep 20 07:35:06.125743 2025] [:error] [pid 2867834] [client 45.148.10.157:43882] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aM49CvIJPWoR2rp3y-lEqwAAAAA"]
[Sat Sep 20 07:35:06.125921 2025] [:error] [pid 2867834] [client 45.148.10.157:43882] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/awstats/.env"] [unique_id "aM49CvIJPWoR2rp3y-lEqwAAAAA"]
[Sat Sep 20 07:35:20.199826 2025] [:error] [pid 2867898] [client 45.148.10.157:59948] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49GK3RNP9eqEvJAdCb6gAAAAg"]
[Sat Sep 20 07:35:20.200174 2025] [:error] [pid 2867898] [client 45.148.10.157:59948] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49GK3RNP9eqEvJAdCb6gAAAAg"]
[Sat Sep 20 07:35:20.200771 2025] [:error] [pid 2867898] [client 45.148.10.157:59948] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49GK3RNP9eqEvJAdCb6gAAAAg"]
[Sat Sep 20 07:35:26.095575 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49Hk9ZCrSFbu-il1n8rAAAAAk"]
[Sat Sep 20 07:35:26.095807 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49Hk9ZCrSFbu-il1n8rAAAAAk"]
[Sat Sep 20 07:35:26.095988 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aM49Hk9ZCrSFbu-il1n8rAAAAAk"]
[Sat Sep 20 07:35:29.331816 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aM49IU9ZCrSFbu-il1n8rQAAAAk"]
[Sat Sep 20 07:35:29.332036 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aM49IU9ZCrSFbu-il1n8rQAAAAk"]
[Sat Sep 20 07:35:29.332205 2025] [:error] [pid 2871947] [client 45.148.10.157:60418] [client 45.148.10.157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aM49IU9ZCrSFbu-il1n8rQAAAAk"]
[Tue Sep 23 03:42:25.850724 2025] [:error] [pid 2942731] [client 195.178.110.155:52767] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7AZKnWnU9xU3Q1DmG1QAAAAA"]
[Tue Sep 23 03:42:25.853429 2025] [:error] [pid 2942731] [client 195.178.110.155:52767] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7AZKnWnU9xU3Q1DmG1QAAAAA"]
[Tue Sep 23 03:42:25.853604 2025] [:error] [pid 2942731] [client 195.178.110.155:52767] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7AZKnWnU9xU3Q1DmG1QAAAAA"]
[Tue Sep 23 03:42:25.965530 2025] [:error] [pid 2942735] [client 195.178.110.155:64994] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7ASuKWopXTUc_56T2XQAAAAQ"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Sep 23 03:42:25.965779 2025] [:error] [pid 2942735] [client 195.178.110.155:64994] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7ASuKWopXTUc_56T2XQAAAAQ"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Sep 23 03:42:25.965930 2025] [:error] [pid 2942735] [client 195.178.110.155:64994] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNH7ASuKWopXTUc_56T2XQAAAAQ"], referer: http://pms.test.indacotrentino.com/.git/config
[Wed Sep 24 18:06:43.063867 2025] [:error] [pid 2967881] [client 45.148.10.246:57000] [client 45.148.10.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNQXE5I58xXToswI6_ccGwAAAAU"]
[Wed Sep 24 18:06:43.065210 2025] [:error] [pid 2967881] [client 45.148.10.246:57000] [client 45.148.10.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNQXE5I58xXToswI6_ccGwAAAAU"]
[Wed Sep 24 18:06:43.065401 2025] [:error] [pid 2967881] [client 45.148.10.246:57000] [client 45.148.10.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNQXE5I58xXToswI6_ccGwAAAAU"]
[Sat Sep 27 02:08:57.005422 2025] [:error] [pid 3038682] [client 176.65.149.195:46468] [client 176.65.149.195] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNcrGfeqqb3hf_aiJtQR-gAAAAg"]
[Sat Sep 27 02:08:57.005713 2025] [:error] [pid 3038682] [client 176.65.149.195:46468] [client 176.65.149.195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNcrGfeqqb3hf_aiJtQR-gAAAAg"]
[Sat Sep 27 02:08:57.005870 2025] [:error] [pid 3038682] [client 176.65.149.195:46468] [client 176.65.149.195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aNcrGfeqqb3hf_aiJtQR-gAAAAg"]
[Tue Sep 30 11:22:34.725232 2025] [:error] [pid 3118114] [client 45.148.10.154:59214] [client 45.148.10.154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNuhWkJmEM_B6WtWG4g7tQAAAAU"]
[Tue Sep 30 11:22:34.726733 2025] [:error] [pid 3118114] [client 45.148.10.154:59214] [client 45.148.10.154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNuhWkJmEM_B6WtWG4g7tQAAAAU"]
[Tue Sep 30 11:22:34.726892 2025] [:error] [pid 3118114] [client 45.148.10.154:59214] [client 45.148.10.154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aNuhWkJmEM_B6WtWG4g7tQAAAAU"]
[Fri Oct 03 03:19:02.710637 2025] [:error] [pid 3191523] [client 18.206.243.172:43494] [client 18.206.243.172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aN8khhOh09Q7Bp7F97zmRwAAAAQ"]
[Fri Oct 03 03:19:02.710927 2025] [:error] [pid 3191523] [client 18.206.243.172:43494] [client 18.206.243.172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aN8khhOh09Q7Bp7F97zmRwAAAAQ"]
[Fri Oct 03 03:19:02.711087 2025] [:error] [pid 3191523] [client 18.206.243.172:43494] [client 18.206.243.172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aN8khhOh09Q7Bp7F97zmRwAAAAQ"]
[Sat Oct 04 03:48:21.282620 2025] [:error] [pid 3217771] [client 194.36.209.75:42480] [client 194.36.209.75] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOB85fL0MO7bFwUe8ITePQAAAAE"]
[Sat Oct 04 03:48:21.284235 2025] [:error] [pid 3217771] [client 194.36.209.75:42480] [client 194.36.209.75] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOB85fL0MO7bFwUe8ITePQAAAAE"]
[Sat Oct 04 03:48:21.284413 2025] [:error] [pid 3217771] [client 194.36.209.75:42480] [client 194.36.209.75] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOB85fL0MO7bFwUe8ITePQAAAAE"]
[Mon Oct 06 23:56:22.034629 2025] [:error] [pid 3267651] [client 160.250.70.40:51600] [client 160.250.70.40] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOQ7BkNR-lLwMYVpTGY9BwAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Mon Oct 06 23:56:22.036182 2025] [:error] [pid 3267651] [client 160.250.70.40:51600] [client 160.250.70.40] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOQ7BkNR-lLwMYVpTGY9BwAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Mon Oct 06 23:56:22.036346 2025] [:error] [pid 3267651] [client 160.250.70.40:51600] [client 160.250.70.40] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOQ7BkNR-lLwMYVpTGY9BwAAAAE"], referer: http://pms.test.indacotrentino.com/.git/config
[Tue Oct 07 05:40:00.564098 2025] [:error] [pid 3292643] [client 213.209.157.253:39528] [client 213.209.157.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOSLkF6a04PFRkGpNUV3YQAAAAQ"]
[Tue Oct 07 05:40:00.564368 2025] [:error] [pid 3292643] [client 213.209.157.253:39528] [client 213.209.157.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOSLkF6a04PFRkGpNUV3YQAAAAQ"]
[Tue Oct 07 05:40:00.564568 2025] [:error] [pid 3292643] [client 213.209.157.253:39528] [client 213.209.157.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOSLkF6a04PFRkGpNUV3YQAAAAQ"]
[Fri Oct 10 01:58:32.779799 2025] [:error] [pid 3364335] [client 95.173.216.42:58809] [client 95.173.216.42] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOhMKGMr_bVkvA0f8GkRswAAAAQ"]
[Fri Oct 10 01:58:32.781267 2025] [:error] [pid 3364335] [client 95.173.216.42:58809] [client 95.173.216.42] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOhMKGMr_bVkvA0f8GkRswAAAAQ"]
[Fri Oct 10 01:58:32.781441 2025] [:error] [pid 3364335] [client 95.173.216.42:58809] [client 95.173.216.42] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aOhMKGMr_bVkvA0f8GkRswAAAAQ"]
[Fri Oct 10 01:58:49.831298 2025] [:error] [pid 3364338] [client 95.173.216.42:51875] [client 95.173.216.42] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aOhMOYa5CmjnJVPAceBwDAAAAAI"]
[Fri Oct 10 01:58:49.831547 2025] [:error] [pid 3364338] [client 95.173.216.42:51875] [client 95.173.216.42] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aOhMOYa5CmjnJVPAceBwDAAAAAI"]
[Fri Oct 10 01:58:49.831710 2025] [:error] [pid 3364338] [client 95.173.216.42:51875] [client 95.173.216.42] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aOhMOYa5CmjnJVPAceBwDAAAAAI"]
[Fri Oct 10 19:20:09.985744 2025] [:error] [pid 3376658] [client 45.148.10.246:48722] [client 45.148.10.246] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOlASQZFhxP150Yau5veAwAAAAQ"]
[Fri Oct 10 19:20:09.986000 2025] [:error] [pid 3376658] [client 45.148.10.246:48722] [client 45.148.10.246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOlASQZFhxP150Yau5veAwAAAAQ"]
[Fri Oct 10 19:20:09.986181 2025] [:error] [pid 3376658] [client 45.148.10.246:48722] [client 45.148.10.246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOlASQZFhxP150Yau5veAwAAAAQ"]
[Sat Oct 11 00:32:50.159130 2025] [:error] [pid 3390476] [client 195.178.110.130:57868] [client 195.178.110.130] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOmJkiho41MNka6AJ9wXxwAAAAQ"]
[Sat Oct 11 00:32:50.159379 2025] [:error] [pid 3390476] [client 195.178.110.130:57868] [client 195.178.110.130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOmJkiho41MNka6AJ9wXxwAAAAQ"]
[Sat Oct 11 00:32:50.159548 2025] [:error] [pid 3390476] [client 195.178.110.130:57868] [client 195.178.110.130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOmJkiho41MNka6AJ9wXxwAAAAQ"]
[Sun Oct 12 00:13:49.281030 2025] [:error] [pid 3414037] [client 45.55.45.178:49996] [client 45.55.45.178] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOrWnfTenxBX_WKaY0cJ0gAAAAE"]
[Sun Oct 12 00:13:49.281348 2025] [:error] [pid 3414037] [client 45.55.45.178:49996] [client 45.55.45.178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOrWnfTenxBX_WKaY0cJ0gAAAAE"]
[Sun Oct 12 00:13:49.281557 2025] [:error] [pid 3414037] [client 45.55.45.178:49996] [client 45.55.45.178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aOrWnfTenxBX_WKaY0cJ0gAAAAE"]
[Sat Oct 18 04:44:22.115503 2025] [:error] [pid 3566932] [client 45.148.10.244:51443] [client 45.148.10.244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPL_BrQ4P4D1Twv8kFHP_wAAAAE"]
[Sat Oct 18 04:44:22.116691 2025] [:error] [pid 3566932] [client 45.148.10.244:51443] [client 45.148.10.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPL_BrQ4P4D1Twv8kFHP_wAAAAE"]
[Sat Oct 18 04:44:22.116869 2025] [:error] [pid 3566932] [client 45.148.10.244:51443] [client 45.148.10.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPL_BrQ4P4D1Twv8kFHP_wAAAAE"]
[Sun Oct 19 00:10:43.529280 2025] [:error] [pid 3590518] [client 3.138.185.30:60444] [client 3.138.185.30] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPQQY9XJiuiLqks2a9WVZgAAAAA"]
[Sun Oct 19 00:10:43.531857 2025] [:error] [pid 3590518] [client 3.138.185.30:60444] [client 3.138.185.30] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPQQY9XJiuiLqks2a9WVZgAAAAA"]
[Sun Oct 19 00:10:43.532051 2025] [:error] [pid 3590518] [client 3.138.185.30:60444] [client 3.138.185.30] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPQQY9XJiuiLqks2a9WVZgAAAAA"]
[Thu Oct 23 23:53:51.038763 2025] [:error] [pid 3694805] [client 18.224.192.118:44947] [client 18.224.192.118] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPqj77rm0bm_aBQSXdxUjQAAAAc"]
[Thu Oct 23 23:53:51.040037 2025] [:error] [pid 3694805] [client 18.224.192.118:44947] [client 18.224.192.118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPqj77rm0bm_aBQSXdxUjQAAAAc"]
[Thu Oct 23 23:53:51.040238 2025] [:error] [pid 3694805] [client 18.224.192.118:44947] [client 18.224.192.118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/"] [unique_id "aPqj77rm0bm_aBQSXdxUjQAAAAc"]
[Fri Oct 24 20:58:10.468440 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.468723 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.468892 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.544302 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.544551 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.544706 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.604101 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.604352 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.604579 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.653827 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.654069 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.654233 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbKwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.703052 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.703302 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.703469 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.746512 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.746767 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.746947 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.821424 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.821688 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.821875 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.861839 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.862122 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.862320 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbLwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.916812 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.917028 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.917273 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.917455 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.983035 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.983307 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:10.983495 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMQqDAbBJ3ZgAeIEJbMQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.030471 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.030726 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.030896 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.085799 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.086005 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.086245 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.086445 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbMwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.166551 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.166737 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.166971 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.167171 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.207724 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.207972 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.208142 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.316229 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.316526 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.316742 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.645792 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.645986 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.646231 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.646423 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbNwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.747100 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.747350 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.747510 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.801830 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.802130 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.802330 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.849643 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.849919 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.850096 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.910035 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.910309 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.910518 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbOwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.953086 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.953322 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.953466 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.992433 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.992608 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.992838 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:11.993003 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMQ6DAbBJ3ZgAeIEJbPQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.045465 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.045644 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.045864 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.046015 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.091957 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.092208 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.092384 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbPwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.153697 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.153935 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.154106 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.206653 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.206856 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.207092 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.207267 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.261410 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.261602 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.261830 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.261986 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.303725 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.303989 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.304160 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbQwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.383665 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.383938 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.384127 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.433629 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.433823 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.434086 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.434276 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.478123 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.478303 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.478576 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.478736 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.526872 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.527131 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.527303 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbRwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.618738 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.618995 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.619158 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.685835 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.686028 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.686273 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:12.686461 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMRKDAbBJ3ZgAeIEJbSQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.032288 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.032546 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.032838 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.033080 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.182134 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.182468 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.182659 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbSwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.244748 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.245001 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.245182 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.289649 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.289845 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.290091 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.290264 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.469058 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.469240 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.469474 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.469632 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.533840 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.534090 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.534254 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbTwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.595115 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.595372 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.595532 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.634366 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.634548 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.634770 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.634917 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.676474 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.676660 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.676903 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.677055 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.720706 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.720936 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:13.721084 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMRaDAbBJ3ZgAeIEJbUwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.133632 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.133883 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.134058 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.195117 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.195299 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.195586 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.195746 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.247281 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.247476 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.247697 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.247855 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.309349 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.309748 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.309941 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbVwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.369162 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.369424 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.369607 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.460237 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.460441 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.460715 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.460901 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.537218 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.537414 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.537673 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.537902 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.628589 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.628837 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.629019 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbWwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.695821 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.696078 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.696241 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.740320 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.740508 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.740759 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.740938 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.803864 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.804054 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.804291 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.804459 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.868420 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.868730 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.868917 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbXwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.913896 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.914204 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.914423 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.953605 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.953836 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.954125 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:14.954334 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMRqDAbBJ3ZgAeIEJbYQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.007910 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.008128 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.008412 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.008595 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.064704 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.064988 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.065182 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbYwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.121467 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.121758 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.121936 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.200102 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.200321 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.200597 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.200779 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.297557 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.297744 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.298021 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.298190 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.348040 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.348311 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.348507 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbZwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.398967 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.399265 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.399471 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.839087 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.839286 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.839543 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.839750 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbaQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.897132 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbagAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.897317 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbagAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.897578 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbagAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.897763 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbagAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.957751 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbawAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.958031 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbawAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:15.958199 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMR6DAbBJ3ZgAeIEJbawAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.003370 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.003729 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.003959 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.054543 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.054792 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.055043 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.055229 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.127914 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.128198 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.128597 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.128837 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.190722 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.190987 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.191138 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbbwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.242542 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.242778 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.242924 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.353955 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.354136 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.354386 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.354542 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.395735 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.395928 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.396170 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.396332 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.451490 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.451751 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.451918 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbcwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.543003 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.543256 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.543456 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.598610 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.598807 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.599052 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.599224 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.641262 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.641471 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.641725 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.641896 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.681914 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.682169 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:16.682405 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMSKDAbBJ3ZgAeIEJbdwAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.063008 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.063276 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.063492 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.170846 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.171034 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.171273 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.171450 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbeQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.237453 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbegAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.237643 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbegAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.237876 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbegAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.238049 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbegAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.282756 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbewAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.283072 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbewAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.283291 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbewAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.356731 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.356985 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.357155 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfAAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.404784 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.405006 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.405277 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.405451 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfQAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.466072 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.466285 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.466627 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:17.466835 2025] [:error] [pid 3730595] [client 52.28.200.164:33784] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMSaDAbBJ3ZgAeIEJbfgAAAAE"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.031400 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMSuJZ4vgAgAbS8ck52wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.031653 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMSuJZ4vgAgAbS8ck52wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.031857 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aPvMSuJZ4vgAgAbS8ck52wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.166598 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMSuJZ4vgAgAbS8ck53AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.166854 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMSuJZ4vgAgAbS8ck53AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.167012 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aPvMSuJZ4vgAgAbS8ck53AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.280438 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMSuJZ4vgAgAbS8ck53QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.280683 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMSuJZ4vgAgAbS8ck53QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.280851 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aPvMSuJZ4vgAgAbS8ck53QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.910237 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMSuJZ4vgAgAbS8ck53gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.910531 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMSuJZ4vgAgAbS8ck53gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:18.910706 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aPvMSuJZ4vgAgAbS8ck53gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.448030 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMS-JZ4vgAgAbS8ck53wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.448332 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMS-JZ4vgAgAbS8ck53wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.448537 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aPvMS-JZ4vgAgAbS8ck53wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.649288 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMS-JZ4vgAgAbS8ck54AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.649592 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMS-JZ4vgAgAbS8ck54AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.649782 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aPvMS-JZ4vgAgAbS8ck54AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.795798 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMS-JZ4vgAgAbS8ck54QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.796057 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMS-JZ4vgAgAbS8ck54QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:19.796223 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aPvMS-JZ4vgAgAbS8ck54QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.071309 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMTOJZ4vgAgAbS8ck54gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.071580 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMTOJZ4vgAgAbS8ck54gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.071757 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aPvMTOJZ4vgAgAbS8ck54gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.519967 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMTOJZ4vgAgAbS8ck54wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.520160 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMTOJZ4vgAgAbS8ck54wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.520860 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMTOJZ4vgAgAbS8ck54wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.521081 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aPvMTOJZ4vgAgAbS8ck54wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.961897 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMTOJZ4vgAgAbS8ck55AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.962165 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMTOJZ4vgAgAbS8ck55AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:20.962331 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aPvMTOJZ4vgAgAbS8ck55AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.161535 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMTeJZ4vgAgAbS8ck55QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.161796 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMTeJZ4vgAgAbS8ck55QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.161979 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aPvMTeJZ4vgAgAbS8ck55QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.366537 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMTeJZ4vgAgAbS8ck55gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.366742 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMTeJZ4vgAgAbS8ck55gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.367018 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMTeJZ4vgAgAbS8ck55gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.367208 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aPvMTeJZ4vgAgAbS8ck55gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.980380 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMTeJZ4vgAgAbS8ck55wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.980572 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMTeJZ4vgAgAbS8ck55wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.980814 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMTeJZ4vgAgAbS8ck55wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:21.980991 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aPvMTeJZ4vgAgAbS8ck55wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.189331 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMTuJZ4vgAgAbS8ck56AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.189656 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMTuJZ4vgAgAbS8ck56AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.189891 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aPvMTuJZ4vgAgAbS8ck56AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.389857 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMTuJZ4vgAgAbS8ck56QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.390107 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMTuJZ4vgAgAbS8ck56QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.390289 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aPvMTuJZ4vgAgAbS8ck56QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.636214 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMTuJZ4vgAgAbS8ck56gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.636403 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMTuJZ4vgAgAbS8ck56gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.636666 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMTuJZ4vgAgAbS8ck56gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.636830 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aPvMTuJZ4vgAgAbS8ck56gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.839824 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMTuJZ4vgAgAbS8ck56wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.840067 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMTuJZ4vgAgAbS8ck56wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:22.840247 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aPvMTuJZ4vgAgAbS8ck56wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.041438 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMT-JZ4vgAgAbS8ck57AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.041694 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMT-JZ4vgAgAbS8ck57AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.041876 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aPvMT-JZ4vgAgAbS8ck57AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.388288 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMT-JZ4vgAgAbS8ck57QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.388549 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMT-JZ4vgAgAbS8ck57QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.388722 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aPvMT-JZ4vgAgAbS8ck57QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.953852 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMT-JZ4vgAgAbS8ck57gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.954148 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMT-JZ4vgAgAbS8ck57gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:23.954310 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aPvMT-JZ4vgAgAbS8ck57gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.156892 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMUOJZ4vgAgAbS8ck57wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.157177 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMUOJZ4vgAgAbS8ck57wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.157375 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aPvMUOJZ4vgAgAbS8ck57wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.429348 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMUOJZ4vgAgAbS8ck58AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.429618 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMUOJZ4vgAgAbS8ck58AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.429961 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMUOJZ4vgAgAbS8ck58AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.430199 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aPvMUOJZ4vgAgAbS8ck58AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.627585 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMUOJZ4vgAgAbS8ck58QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.627771 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMUOJZ4vgAgAbS8ck58QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.628018 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMUOJZ4vgAgAbS8ck58QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:24.628228 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aPvMUOJZ4vgAgAbS8ck58QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.030611 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMUeJZ4vgAgAbS8ck58gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.030868 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMUeJZ4vgAgAbS8ck58gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.031040 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aPvMUeJZ4vgAgAbS8ck58gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.329305 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMUeJZ4vgAgAbS8ck58wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.329566 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMUeJZ4vgAgAbS8ck58wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.329729 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aPvMUeJZ4vgAgAbS8ck58wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.875764 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMUeJZ4vgAgAbS8ck59AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.875960 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMUeJZ4vgAgAbS8ck59AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.876220 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMUeJZ4vgAgAbS8ck59AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:25.876399 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aPvMUeJZ4vgAgAbS8ck59AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.129531 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMUuJZ4vgAgAbS8ck59QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.129771 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMUuJZ4vgAgAbS8ck59QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.130037 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMUuJZ4vgAgAbS8ck59QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.130234 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aPvMUuJZ4vgAgAbS8ck59QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.397765 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMUuJZ4vgAgAbS8ck59gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.398029 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMUuJZ4vgAgAbS8ck59gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:26.398208 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aPvMUuJZ4vgAgAbS8ck59gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.002022 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMU-JZ4vgAgAbS8ck59wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.002281 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMU-JZ4vgAgAbS8ck59wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.002486 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aPvMU-JZ4vgAgAbS8ck59wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.299138 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.299380 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.299634 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.299836 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.520591 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.520802 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.521072 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:27.521269 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aPvMU-JZ4vgAgAbS8ck5-QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.117245 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.117507 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.117678 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.305593 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.305869 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.306080 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aPvMVOJZ4vgAgAbS8ck5-wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.501882 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.502080 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.502435 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.502683 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_AAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.731202 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.731403 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.731658 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.731835 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_QAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.896250 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.896510 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:28.896693 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aPvMVOJZ4vgAgAbS8ck5_gAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.050076 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMVeJZ4vgAgAbS8ck5_wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.050329 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMVeJZ4vgAgAbS8ck5_wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.050512 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aPvMVeJZ4vgAgAbS8ck5_wAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.247725 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.247931 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.248193 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.248385 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.916935 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.917170 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.917444 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:29.917640 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aPvMVeJZ4vgAgAbS8ck6AQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.102518 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.102770 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.102947 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.249710 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.249979 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.250147 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aPvMVuJZ4vgAgAbS8ck6AwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.508982 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.509202 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.509501 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.509710 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.658333 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.658592 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.658851 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:30.659063 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aPvMVuJZ4vgAgAbS8ck6BQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.226698 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.226986 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.227183 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.555237 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.555510 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.555685 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aPvMV-JZ4vgAgAbS8ck6BwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.765837 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.766035 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.766281 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.766478 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.934817 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.935017 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.935254 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:31.935448 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aPvMV-JZ4vgAgAbS8ck6CQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.179570 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.179837 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.180011 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.803727 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.804120 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:32.804378 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aPvMWOJZ4vgAgAbS8ck6CwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.087180 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.087370 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.087619 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.087804 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.242164 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.242535 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.242900 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.243126 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.427548 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.427812 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:33.427999 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aPvMWeJZ4vgAgAbS8ck6DgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.021381 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6DwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.021648 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6DwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.021831 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6DwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.258659 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.258845 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.259094 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.259254 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.379055 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.379253 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.379525 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.379695 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.517438 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.517701 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.517913 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.734543 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.734819 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.735024 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aPvMWuJZ4vgAgAbS8ck6EwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.912813 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6FAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.913002 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6FAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.913257 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6FAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:34.913422 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aPvMWuJZ4vgAgAbS8ck6FAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.613096 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.613380 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.613747 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.613998 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.888200 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.888452 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:35.888613 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aPvMW-JZ4vgAgAbS8ck6FgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.077321 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMXOJZ4vgAgAbS8ck6FwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.077574 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMXOJZ4vgAgAbS8ck6FwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.077766 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aPvMXOJZ4vgAgAbS8ck6FwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.310638 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.310833 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.311094 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.311292 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.562181 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.562398 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.562639 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.562805 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.728314 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.728583 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:36.728779 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aPvMXOJZ4vgAgAbS8ck6GgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.408149 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMXeJZ4vgAgAbS8ck6GwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.408429 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMXeJZ4vgAgAbS8ck6GwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.408617 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aPvMXeJZ4vgAgAbS8ck6GwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.684716 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.684916 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.685172 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.685343 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.872095 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.872316 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.872570 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:37.872774 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aPvMXeJZ4vgAgAbS8ck6HQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.112266 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.112525 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.112726 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.295824 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.296223 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.296480 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aPvMXuJZ4vgAgAbS8ck6HwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.435399 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.435591 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.435847 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.436019 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.588579 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.588769 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.589016 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:38.589195 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aPvMXuJZ4vgAgAbS8ck6IQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.247099 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.247479 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.247711 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.514643 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.514897 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.515070 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aPvMX-JZ4vgAgAbS8ck6IwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.671278 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.671492 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.671740 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.671907 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.952034 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.952222 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.952470 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:39.952643 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aPvMX-JZ4vgAgAbS8ck6JQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.145731 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.145997 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.146190 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.837946 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.838234 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:40.838467 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aPvMYOJZ4vgAgAbS8ck6JwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:41.879333 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMYeJZ4vgAgAbS8ck6KAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:41.879522 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMYeJZ4vgAgAbS8ck6KAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:41.879769 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMYeJZ4vgAgAbS8ck6KAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:41.879945 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aPvMYeJZ4vgAgAbS8ck6KAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:42.766665 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMYuJZ4vgAgAbS8ck6KQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:42.766880 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMYuJZ4vgAgAbS8ck6KQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:42.767148 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMYuJZ4vgAgAbS8ck6KQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:42.767366 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aPvMYuJZ4vgAgAbS8ck6KQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.407293 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.407565 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.407736 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.739582 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.739848 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.740026 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aPvMY-JZ4vgAgAbS8ck6KwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.982655 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMY-JZ4vgAgAbS8ck6LAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.982849 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMY-JZ4vgAgAbS8ck6LAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.983088 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMY-JZ4vgAgAbS8ck6LAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:43.983252 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aPvMY-JZ4vgAgAbS8ck6LAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:44.156314 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMZOJZ4vgAgAbS8ck6LQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:44.156512 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMZOJZ4vgAgAbS8ck6LQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:44.156777 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMZOJZ4vgAgAbS8ck6LQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:44.156963 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aPvMZOJZ4vgAgAbS8ck6LQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:45.498441 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMZeJZ4vgAgAbS8ck6LgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:45.498702 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMZeJZ4vgAgAbS8ck6LgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:45.498908 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aPvMZeJZ4vgAgAbS8ck6LgAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.486804 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMZuJZ4vgAgAbS8ck6LwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.487078 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMZuJZ4vgAgAbS8ck6LwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.487269 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aPvMZuJZ4vgAgAbS8ck6LwAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.801321 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.801510 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.801747 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.801915 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MAAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.985092 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.985299 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.985604 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:58:46.985807 2025] [:error] [pid 3735672] [client 52.28.200.164:39302] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aPvMZuJZ4vgAgAbS8ck6MQAAAAs"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.303389 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.303848 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.304036 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.946928 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.947332 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:00.947535 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aPvMdDqiRrsqbAQUrtTltQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.238654 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.239053 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.239218 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.415592 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.415982 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.416191 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aPvMdTqiRrsqbAQUrtTltwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.637014 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.637425 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.637652 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.858872 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.859283 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:01.859462 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aPvMdTqiRrsqbAQUrtTluQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.050609 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTlugAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.051045 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTlugAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.051246 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTlugAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.202357 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTluwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.202773 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTluwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:02.202971 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aPvMdjqiRrsqbAQUrtTluwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:03.837846 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aPvMdzqiRrsqbAQUrtTlwAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:03.838371 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aPvMdzqiRrsqbAQUrtTlwAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:03.838587 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aPvMdzqiRrsqbAQUrtTlwAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.381547 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.382029 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.382239 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.744166 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.744579 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.744768 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwgAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.918581 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.919002 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:04.919221 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aPvMeDqiRrsqbAQUrtTlwwAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.357824 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.358236 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.358438 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyAAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.609081 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.609470 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.609635 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlyQAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.752571 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlygAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.752992 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlygAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:06.753174 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aPvMejqiRrsqbAQUrtTlygAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:07.205741 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aPvMezqiRrsqbAQUrtTlywAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:07.206148 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aPvMezqiRrsqbAQUrtTlywAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:07.206321 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aPvMezqiRrsqbAQUrtTlywAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:26.274982 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPvMjjqiRrsqbAQUrtTl_AAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:26.275243 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPvMjjqiRrsqbAQUrtTl_AAAAA4"], referer: https://www.google.com/
[Fri Oct 24 20:59:26.275423 2025] [:error] [pid 3735674] [client 52.28.200.164:52222] [client 52.28.200.164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aPvMjjqiRrsqbAQUrtTl_AAAAA4"], referer: https://www.google.com/
[Sun Oct 26 08:27:50.712057 2025] [:error] [pid 3769906] [client 45.148.10.165:58196] [client 45.148.10.165] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3Ndsn7rqYqbuISx_nKSQAAAAI"]
[Sun Oct 26 08:27:50.712375 2025] [:error] [pid 3769906] [client 45.148.10.165:58196] [client 45.148.10.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3Ndsn7rqYqbuISx_nKSQAAAAI"]
[Sun Oct 26 08:27:50.712615 2025] [:error] [pid 3769906] [client 45.148.10.165:58196] [client 45.148.10.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/"] [unique_id "aP3Ndsn7rqYqbuISx_nKSQAAAAI"]
[Sun Oct 26 08:27:50.834065 2025] [:error] [pid 3769905] [client 45.148.10.165:58260] [client 45.148.10.165] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdhLpsOpM82cROhVU0QAAAAE"]
[Sun Oct 26 08:27:50.834282 2025] [:error] [pid 3769905] [client 45.148.10.165:58260] [client 45.148.10.165] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdhLpsOpM82cROhVU0QAAAAE"]
[Sun Oct 26 08:27:50.834451 2025] [:error] [pid 3769905] [client 45.148.10.165:58260] [client 45.148.10.165] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aP3NdhLpsOpM82cROhVU0QAAAAE"]
[Mon Oct 27 23:35:42.785043 2025] [authz_core:error] [pid 3816548] [client 209.38.248.17:52218] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/server-status
[Mon Oct 27 23:35:42.941627 2025] [:error] [pid 3816574] [client 209.38.248.17:52248] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP_zvk2OVaaFkQE4MuInWAAAAAY"]
[Mon Oct 27 23:35:42.941861 2025] [:error] [pid 3816574] [client 209.38.248.17:52248] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP_zvk2OVaaFkQE4MuInWAAAAAY"]
[Mon Oct 27 23:35:42.942051 2025] [:error] [pid 3816574] [client 209.38.248.17:52248] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aP_zvk2OVaaFkQE4MuInWAAAAAY"]
[Mon Oct 27 23:35:42.993166 2025] [:error] [pid 3816547] [client 209.38.248.17:52264] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_zvrSCfEbmUsWS33yaywAAAAE"]
[Mon Oct 27 23:35:42.993386 2025] [:error] [pid 3816547] [client 209.38.248.17:52264] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_zvrSCfEbmUsWS33yaywAAAAE"]
[Mon Oct 27 23:35:42.993542 2025] [:error] [pid 3816547] [client 209.38.248.17:52264] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_zvrSCfEbmUsWS33yaywAAAAE"]
[Mon Oct 27 23:35:43.044441 2025] [:error] [pid 3816546] [client 209.38.248.17:52274] [client 209.38.248.17] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_zv0R7aPhRTjjARXw9SwAAAAA"]
[Mon Oct 27 23:35:43.044656 2025] [:error] [pid 3816546] [client 209.38.248.17:52274] [client 209.38.248.17] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_zv0R7aPhRTjjARXw9SwAAAAA"]
[Mon Oct 27 23:35:43.044829 2025] [:error] [pid 3816546] [client 209.38.248.17:52274] [client 209.38.248.17] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_zv0R7aPhRTjjARXw9SwAAAAA"]
[Mon Oct 27 23:57:11.221429 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_4x0R7aPhRTjjARXw9VgAAAAA"]
[Mon Oct 27 23:57:11.221742 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_4x0R7aPhRTjjARXw9VgAAAAA"]
[Mon Oct 27 23:57:11.221968 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aP_4x0R7aPhRTjjARXw9VgAAAAA"]
[Mon Oct 27 23:57:11.444356 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_4x0R7aPhRTjjARXw9VwAAAAA"]
[Mon Oct 27 23:57:11.444681 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_4x0R7aPhRTjjARXw9VwAAAAA"]
[Mon Oct 27 23:57:11.444895 2025] [:error] [pid 3816546] [client 96.41.38.202:46714] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aP_4x0R7aPhRTjjARXw9VwAAAAA"]
[Tue Oct 28 00:36:48.182400 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQACEFCD3k3m6wn0QZ3P-wAAAAY"]
[Tue Oct 28 00:36:48.182862 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQACEFCD3k3m6wn0QZ3P-wAAAAY"]
[Tue Oct 28 00:36:48.183062 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQACEFCD3k3m6wn0QZ3P-wAAAAY"]
[Tue Oct 28 00:36:48.410547 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQACEFCD3k3m6wn0QZ3P_AAAAAY"]
[Tue Oct 28 00:36:48.410969 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQACEFCD3k3m6wn0QZ3P_AAAAAY"]
[Tue Oct 28 00:36:48.411227 2025] [:error] [pid 3817464] [client 96.41.38.202:43262] [client 96.41.38.202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQACEFCD3k3m6wn0QZ3P_AAAAAY"]
[Tue Oct 28 05:24:23.932718 2025] [:error] [pid 3819781] [client 13.217.209.78:39292] [client 13.217.209.78] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBFdyemdjGHqXki4RKK4gAAAAM"]
[Tue Oct 28 05:24:23.933014 2025] [:error] [pid 3819781] [client 13.217.209.78:39292] [client 13.217.209.78] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBFdyemdjGHqXki4RKK4gAAAAM"]
[Tue Oct 28 05:24:23.933188 2025] [:error] [pid 3819781] [client 13.217.209.78:39292] [client 13.217.209.78] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBFdyemdjGHqXki4RKK4gAAAAM"]
[Tue Oct 28 06:49:07.975866 2025] [:error] [pid 3819778] [client 213.209.157.244:49046] [client 213.209.157.244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBZU9kLnaGH-0JONzc_FgAAAAA"]
[Tue Oct 28 06:49:07.976168 2025] [:error] [pid 3819778] [client 213.209.157.244:49046] [client 213.209.157.244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBZU9kLnaGH-0JONzc_FgAAAAA"]
[Tue Oct 28 06:49:07.976352 2025] [:error] [pid 3819778] [client 213.209.157.244:49046] [client 213.209.157.244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQBZU9kLnaGH-0JONzc_FgAAAAA"]
[Tue Oct 28 16:49:28.516009 2025] [:error] [pid 3831993] [client 34.74.206.114:41650] [client 34.74.206.114] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDmCBJAUclTzSyltLpqKwAAAAo"]
[Tue Oct 28 16:49:28.516238 2025] [:error] [pid 3831993] [client 34.74.206.114:41650] [client 34.74.206.114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDmCBJAUclTzSyltLpqKwAAAAo"]
[Tue Oct 28 16:49:28.516429 2025] [:error] [pid 3831993] [client 34.74.206.114:41650] [client 34.74.206.114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQDmCBJAUclTzSyltLpqKwAAAAo"]
[Tue Oct 28 19:45:43.058653 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQEPVxJAUclTzSyltLpqRAAAAAo"]
[Tue Oct 28 19:45:43.062673 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQEPVxJAUclTzSyltLpqRAAAAAo"]
[Tue Oct 28 19:45:43.062890 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQEPVxJAUclTzSyltLpqRAAAAAo"]
[Tue Oct 28 19:45:43.613365 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQEPVxJAUclTzSyltLpqRQAAAAo"]
[Tue Oct 28 19:45:43.617323 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQEPVxJAUclTzSyltLpqRQAAAAo"]
[Tue Oct 28 19:45:43.617552 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQEPVxJAUclTzSyltLpqRQAAAAo"]
[Tue Oct 28 19:45:44.176447 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRgAAAAo"]
[Tue Oct 28 19:45:44.180947 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRgAAAAo"]
[Tue Oct 28 19:45:44.181191 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRgAAAAo"]
[Tue Oct 28 19:45:44.502100 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRwAAAAo"]
[Tue Oct 28 19:45:44.505881 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRwAAAAo"]
[Tue Oct 28 19:45:44.506098 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQEPWBJAUclTzSyltLpqRwAAAAo"]
[Tue Oct 28 19:45:44.945264 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQEPWBJAUclTzSyltLpqSAAAAAo"]
[Tue Oct 28 19:45:44.949125 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQEPWBJAUclTzSyltLpqSAAAAAo"]
[Tue Oct 28 19:45:44.949319 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQEPWBJAUclTzSyltLpqSAAAAAo"]
[Tue Oct 28 19:45:45.542428 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQEPWRJAUclTzSyltLpqSQAAAAo"]
[Tue Oct 28 19:45:45.542886 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQEPWRJAUclTzSyltLpqSQAAAAo"]
[Tue Oct 28 19:45:45.546744 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQEPWRJAUclTzSyltLpqSQAAAAo"]
[Tue Oct 28 19:45:45.546940 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQEPWRJAUclTzSyltLpqSQAAAAo"]
[Tue Oct 28 19:45:46.136825 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aQEPWhJAUclTzSyltLpqSgAAAAo"]
[Tue Oct 28 19:45:46.140789 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aQEPWhJAUclTzSyltLpqSgAAAAo"]
[Tue Oct 28 19:45:46.141028 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/logs/HEAD"] [unique_id "aQEPWhJAUclTzSyltLpqSgAAAAo"]
[Tue Oct 28 19:45:46.581310 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQEPWhJAUclTzSyltLpqSwAAAAo"]
[Tue Oct 28 19:45:46.585121 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQEPWhJAUclTzSyltLpqSwAAAAo"]
[Tue Oct 28 19:45:46.585321 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQEPWhJAUclTzSyltLpqSwAAAAo"]
[Tue Oct 28 19:45:47.647819 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Matched phrase ".gitlab-ci.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitlab-ci.yml found within REQUEST_FILENAME: /.gitlab-ci.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aQEPWxJAUclTzSyltLpqTAAAAAo"]
[Tue Oct 28 19:45:47.651621 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aQEPWxJAUclTzSyltLpqTAAAAAo"]
[Tue Oct 28 19:45:47.651816 2025] [:error] [pid 3831993] [client 195.178.110.201:56408] [client 195.178.110.201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitlab-ci.yml"] [unique_id "aQEPWxJAUclTzSyltLpqTAAAAAo"]
[Wed Oct 29 01:01:58.547442 2025] [:error] [pid 3842680] [client 194.26.192.110:50216] [client 194.26.192.110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQFZdtkURwtfWoM4NHtXwAAAAAI"]
[Wed Oct 29 01:01:58.547706 2025] [:error] [pid 3842680] [client 194.26.192.110:50216] [client 194.26.192.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQFZdtkURwtfWoM4NHtXwAAAAAI"]
[Wed Oct 29 01:01:58.547872 2025] [:error] [pid 3842680] [client 194.26.192.110:50216] [client 194.26.192.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQFZdtkURwtfWoM4NHtXwAAAAAI"]
[Wed Oct 29 04:30:39.249519 2025] [:error] [pid 3844838] [client 195.178.110.223:39094] [client 195.178.110.223] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGKX80pe_7wj3RxLl5CZAAAAAE"]
[Wed Oct 29 04:30:39.249854 2025] [:error] [pid 3844838] [client 195.178.110.223:39094] [client 195.178.110.223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGKX80pe_7wj3RxLl5CZAAAAAE"]
[Wed Oct 29 04:30:39.250021 2025] [:error] [pid 3844838] [client 195.178.110.223:39094] [client 195.178.110.223] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGKX80pe_7wj3RxLl5CZAAAAAE"]
[Wed Oct 29 05:08:03.929052 2025] [:error] [pid 3845156] [client 185.177.72.8:58186] [client 185.177.72.8] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGTI8DXzNce7NzyO-zRCQAAABE"]
[Wed Oct 29 05:08:03.929315 2025] [:error] [pid 3845156] [client 185.177.72.8:58186] [client 185.177.72.8] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGTI8DXzNce7NzyO-zRCQAAABE"]
[Wed Oct 29 05:08:03.929465 2025] [:error] [pid 3845156] [client 185.177.72.8:58186] [client 185.177.72.8] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQGTI8DXzNce7NzyO-zRCQAAABE"]
[Wed Oct 29 10:33:49.076638 2025] [:error] [pid 3845157] [client 213.209.157.232:35042] [client 213.209.157.232] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQHffe2YtqWllpCkdJFS9gAAABI"]
[Wed Oct 29 10:33:49.076915 2025] [:error] [pid 3845157] [client 213.209.157.232:35042] [client 213.209.157.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQHffe2YtqWllpCkdJFS9gAAABI"]
[Wed Oct 29 10:33:49.077076 2025] [:error] [pid 3845157] [client 213.209.157.232:35042] [client 213.209.157.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQHffe2YtqWllpCkdJFS9gAAABI"]
[Wed Oct 29 12:06:29.755175 2025] [:error] [pid 3845153] [client 194.26.192.110:60668] [client 194.26.192.110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQH1NbfF_j471OvRGMpkHQAAAA4"]
[Wed Oct 29 12:06:29.755483 2025] [:error] [pid 3845153] [client 194.26.192.110:60668] [client 194.26.192.110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQH1NbfF_j471OvRGMpkHQAAAA4"]
[Wed Oct 29 12:06:29.755638 2025] [:error] [pid 3845153] [client 194.26.192.110:60668] [client 194.26.192.110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQH1NbfF_j471OvRGMpkHQAAAA4"]
[Thu Oct 30 00:46:14.844006 2025] [:error] [pid 3867337] [client 213.209.157.232:34142] [client 213.209.157.232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQKnRusCMeR1RCutg6zWDgAAAD8"]
[Thu Oct 30 00:46:14.844290 2025] [:error] [pid 3867337] [client 213.209.157.232:34142] [client 213.209.157.232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQKnRusCMeR1RCutg6zWDgAAAD8"]
[Thu Oct 30 00:46:14.844459 2025] [:error] [pid 3867337] [client 213.209.157.232:34142] [client 213.209.157.232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQKnRusCMeR1RCutg6zWDgAAAD8"]
[Thu Oct 30 00:47:38.816203 2025] [:error] [pid 3867663] [client 93.123.109.7:46914] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQKnmtAtDOgwNHCdapXJAQAAAAI"]
[Thu Oct 30 00:47:38.816482 2025] [:error] [pid 3867663] [client 93.123.109.7:46914] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQKnmtAtDOgwNHCdapXJAQAAAAI"]
[Thu Oct 30 00:47:38.816663 2025] [:error] [pid 3867663] [client 93.123.109.7:46914] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQKnmtAtDOgwNHCdapXJAQAAAAI"]
[Thu Oct 30 06:09:20.637199 2025] [:error] [pid 3870136] [client 45.130.203.166:29933] [client 45.130.203.166] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aQLzAPFCkTIbr0l-MPaXrAAAAAM"]
[Thu Oct 30 06:09:20.637449 2025] [:error] [pid 3870136] [client 45.130.203.166:29933] [client 45.130.203.166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aQLzAPFCkTIbr0l-MPaXrAAAAAM"]
[Thu Oct 30 06:09:20.637632 2025] [:error] [pid 3870136] [client 45.130.203.166:29933] [client 45.130.203.166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/HEAD"] [unique_id "aQLzAPFCkTIbr0l-MPaXrAAAAAM"]
[Thu Oct 30 20:06:28.283116 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3NJdseHRrfd8_FeKITQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:28.283393 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3NJdseHRrfd8_FeKITQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:28.283573 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3NJdseHRrfd8_FeKITQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:28.859775 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3NJdseHRrfd8_FeKITgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:28.860048 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3NJdseHRrfd8_FeKITgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:28.860244 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3NJdseHRrfd8_FeKITgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.424739 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3NZdseHRrfd8_FeKITwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.425096 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3NZdseHRrfd8_FeKITwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.425331 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3NZdseHRrfd8_FeKITwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.989802 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3NZdseHRrfd8_FeKIUAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.990093 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3NZdseHRrfd8_FeKIUAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:29.990300 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3NZdseHRrfd8_FeKIUAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:30.617260 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3NpdseHRrfd8_FeKIUQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:30.617520 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3NpdseHRrfd8_FeKIUQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:30.617729 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3NpdseHRrfd8_FeKIUQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.173172 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3N5dseHRrfd8_FeKIUgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.173442 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3N5dseHRrfd8_FeKIUgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.173650 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3N5dseHRrfd8_FeKIUgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.773289 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3N5dseHRrfd8_FeKIUwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.773563 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3N5dseHRrfd8_FeKIUwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:31.773786 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3N5dseHRrfd8_FeKIUwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.351557 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3OJdseHRrfd8_FeKIVAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.351863 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3OJdseHRrfd8_FeKIVAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.352071 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3OJdseHRrfd8_FeKIVAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.913917 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3OJdseHRrfd8_FeKIVQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.914113 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3OJdseHRrfd8_FeKIVQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.914380 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3OJdseHRrfd8_FeKIVQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:32.914612 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3OJdseHRrfd8_FeKIVQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:33.431774 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3OZdseHRrfd8_FeKIVgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:33.432034 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3OZdseHRrfd8_FeKIVgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:33.432244 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3OZdseHRrfd8_FeKIVgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.014802 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3OpdseHRrfd8_FeKIVwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.015088 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3OpdseHRrfd8_FeKIVwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.015326 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3OpdseHRrfd8_FeKIVwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.581713 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3OpdseHRrfd8_FeKIWAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.581910 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3OpdseHRrfd8_FeKIWAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.582178 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3OpdseHRrfd8_FeKIWAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:34.582413 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3OpdseHRrfd8_FeKIWAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.422020 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3O5dseHRrfd8_FeKIWQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.422240 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3O5dseHRrfd8_FeKIWQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.423306 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3O5dseHRrfd8_FeKIWQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.423512 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3O5dseHRrfd8_FeKIWQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.942400 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3O5dseHRrfd8_FeKIWgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.942669 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3O5dseHRrfd8_FeKIWgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:35.942902 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3O5dseHRrfd8_FeKIWgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.448149 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3PJdseHRrfd8_FeKIWwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.448401 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3PJdseHRrfd8_FeKIWwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.448608 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3PJdseHRrfd8_FeKIWwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.952338 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3PJdseHRrfd8_FeKIXAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.952542 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3PJdseHRrfd8_FeKIXAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.952798 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3PJdseHRrfd8_FeKIXAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:36.953011 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3PJdseHRrfd8_FeKIXAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.459758 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3PZdseHRrfd8_FeKIXQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.460012 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3PZdseHRrfd8_FeKIXQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.460231 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3PZdseHRrfd8_FeKIXQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.967850 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3PZdseHRrfd8_FeKIXgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.968113 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3PZdseHRrfd8_FeKIXgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:37.968317 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3PZdseHRrfd8_FeKIXgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.473447 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3PpdseHRrfd8_FeKIXwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.473713 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3PpdseHRrfd8_FeKIXwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.473919 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3PpdseHRrfd8_FeKIXwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.979733 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3PpdseHRrfd8_FeKIYAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.980021 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3PpdseHRrfd8_FeKIYAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:38.980244 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3PpdseHRrfd8_FeKIYAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.485009 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3P5dseHRrfd8_FeKIYQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.485273 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3P5dseHRrfd8_FeKIYQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.485482 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3P5dseHRrfd8_FeKIYQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.989477 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3P5dseHRrfd8_FeKIYgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.989675 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3P5dseHRrfd8_FeKIYgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.989914 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3P5dseHRrfd8_FeKIYgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:39.990115 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3P5dseHRrfd8_FeKIYgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.493471 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3QJdseHRrfd8_FeKIYwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.493699 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3QJdseHRrfd8_FeKIYwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.494432 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3QJdseHRrfd8_FeKIYwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.494653 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3QJdseHRrfd8_FeKIYwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.998678 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3QJdseHRrfd8_FeKIZAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.998941 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3QJdseHRrfd8_FeKIZAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:40.999148 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3QJdseHRrfd8_FeKIZAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:41.539727 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3QZdseHRrfd8_FeKIZQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:41.540049 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3QZdseHRrfd8_FeKIZQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:41.540277 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3QZdseHRrfd8_FeKIZQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.044625 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3QpdseHRrfd8_FeKIZgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.044826 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3QpdseHRrfd8_FeKIZgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.045077 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3QpdseHRrfd8_FeKIZgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.045312 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3QpdseHRrfd8_FeKIZgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.548947 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3QpdseHRrfd8_FeKIZwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.549142 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3QpdseHRrfd8_FeKIZwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.549390 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3QpdseHRrfd8_FeKIZwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:42.549618 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3QpdseHRrfd8_FeKIZwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.053813 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3Q5dseHRrfd8_FeKIaAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.054101 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3Q5dseHRrfd8_FeKIaAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.054297 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3Q5dseHRrfd8_FeKIaAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.668685 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3Q5dseHRrfd8_FeKIaQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.668939 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3Q5dseHRrfd8_FeKIaQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:43.669130 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3Q5dseHRrfd8_FeKIaQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.174650 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3RJdseHRrfd8_FeKIagAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.174846 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3RJdseHRrfd8_FeKIagAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.175091 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3RJdseHRrfd8_FeKIagAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.175296 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3RJdseHRrfd8_FeKIagAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.679225 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3RJdseHRrfd8_FeKIawAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.679422 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3RJdseHRrfd8_FeKIawAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.679661 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3RJdseHRrfd8_FeKIawAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:44.679869 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3RJdseHRrfd8_FeKIawAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.183646 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3RZdseHRrfd8_FeKIbAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.183915 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3RZdseHRrfd8_FeKIbAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.184117 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3RZdseHRrfd8_FeKIbAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.691088 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3RZdseHRrfd8_FeKIbQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.691366 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3RZdseHRrfd8_FeKIbQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:45.691995 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3RZdseHRrfd8_FeKIbQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.217951 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3RpdseHRrfd8_FeKIbgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.218140 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3RpdseHRrfd8_FeKIbgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.218404 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3RpdseHRrfd8_FeKIbgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.218625 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3RpdseHRrfd8_FeKIbgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.733792 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3RpdseHRrfd8_FeKIbwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.733978 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3RpdseHRrfd8_FeKIbwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.734217 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3RpdseHRrfd8_FeKIbwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:46.734455 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3RpdseHRrfd8_FeKIbwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.239354 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3R5dseHRrfd8_FeKIcAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.239614 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3R5dseHRrfd8_FeKIcAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.239834 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3R5dseHRrfd8_FeKIcAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.743645 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3R5dseHRrfd8_FeKIcQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.743937 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3R5dseHRrfd8_FeKIcQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:47.744155 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3R5dseHRrfd8_FeKIcQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.275851 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3SJdseHRrfd8_FeKIcgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.276054 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3SJdseHRrfd8_FeKIcgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.276303 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3SJdseHRrfd8_FeKIcgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.276521 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3SJdseHRrfd8_FeKIcgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.780599 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3SJdseHRrfd8_FeKIcwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.780809 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3SJdseHRrfd8_FeKIcwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.781082 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3SJdseHRrfd8_FeKIcwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:48.781310 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3SJdseHRrfd8_FeKIcwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.285797 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3SZdseHRrfd8_FeKIdAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.286061 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3SZdseHRrfd8_FeKIdAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.286276 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3SZdseHRrfd8_FeKIdAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.790180 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3SZdseHRrfd8_FeKIdQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.790474 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3SZdseHRrfd8_FeKIdQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:49.790694 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3SZdseHRrfd8_FeKIdQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.295053 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3SpdseHRrfd8_FeKIdgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.295240 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3SpdseHRrfd8_FeKIdgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.295488 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3SpdseHRrfd8_FeKIdgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.295682 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3SpdseHRrfd8_FeKIdgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.890903 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3SpdseHRrfd8_FeKIdwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.891122 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3SpdseHRrfd8_FeKIdwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.892926 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3SpdseHRrfd8_FeKIdwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:50.893149 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3SpdseHRrfd8_FeKIdwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.398423 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3S5dseHRrfd8_FeKIeAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.398693 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3S5dseHRrfd8_FeKIeAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.398928 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3S5dseHRrfd8_FeKIeAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.903410 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3S5dseHRrfd8_FeKIeQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.903660 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3S5dseHRrfd8_FeKIeQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:51.903889 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3S5dseHRrfd8_FeKIeQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.407867 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3TJdseHRrfd8_FeKIegAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.408056 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3TJdseHRrfd8_FeKIegAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.408316 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3TJdseHRrfd8_FeKIegAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.408534 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3TJdseHRrfd8_FeKIegAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.918981 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3TJdseHRrfd8_FeKIewAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.919190 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3TJdseHRrfd8_FeKIewAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.919441 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3TJdseHRrfd8_FeKIewAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:52.919655 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3TJdseHRrfd8_FeKIewAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.433555 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3TZdseHRrfd8_FeKIfAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.433805 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3TZdseHRrfd8_FeKIfAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.434033 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3TZdseHRrfd8_FeKIfAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.937677 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3TZdseHRrfd8_FeKIfQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.937967 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3TZdseHRrfd8_FeKIfQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:53.938196 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3TZdseHRrfd8_FeKIfQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.444953 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3TpdseHRrfd8_FeKIfgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.445153 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3TpdseHRrfd8_FeKIfgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.445403 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3TpdseHRrfd8_FeKIfgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.445629 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3TpdseHRrfd8_FeKIfgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.951051 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3TpdseHRrfd8_FeKIfwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.951251 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3TpdseHRrfd8_FeKIfwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.951505 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3TpdseHRrfd8_FeKIfwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:54.951741 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3TpdseHRrfd8_FeKIfwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.466097 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3T5dseHRrfd8_FeKIgAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.466416 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3T5dseHRrfd8_FeKIgAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.466655 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3T5dseHRrfd8_FeKIgAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.972388 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3T5dseHRrfd8_FeKIgQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.972647 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3T5dseHRrfd8_FeKIgQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:55.972856 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3T5dseHRrfd8_FeKIgQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.477182 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3UJdseHRrfd8_FeKIggAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.477370 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3UJdseHRrfd8_FeKIggAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.477617 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3UJdseHRrfd8_FeKIggAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.477830 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3UJdseHRrfd8_FeKIggAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.981322 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3UJdseHRrfd8_FeKIgwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.981523 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3UJdseHRrfd8_FeKIgwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.981764 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3UJdseHRrfd8_FeKIgwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:56.981965 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3UJdseHRrfd8_FeKIgwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:57.495469 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3UZdseHRrfd8_FeKIhAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:57.495750 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3UZdseHRrfd8_FeKIhAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:57.495998 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3UZdseHRrfd8_FeKIhAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.001690 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3UpdseHRrfd8_FeKIhQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.001983 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3UpdseHRrfd8_FeKIhQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.002208 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3UpdseHRrfd8_FeKIhQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.505238 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3UpdseHRrfd8_FeKIhgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.505455 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3UpdseHRrfd8_FeKIhgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.506417 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3UpdseHRrfd8_FeKIhgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:58.506625 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3UpdseHRrfd8_FeKIhgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.012368 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3U5dseHRrfd8_FeKIhwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.012596 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3U5dseHRrfd8_FeKIhwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.012905 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3U5dseHRrfd8_FeKIhwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.013155 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3U5dseHRrfd8_FeKIhwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.521977 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3U5dseHRrfd8_FeKIiAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.522257 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3U5dseHRrfd8_FeKIiAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:06:59.522494 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3U5dseHRrfd8_FeKIiAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.110437 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3VJdseHRrfd8_FeKIiQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.110723 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3VJdseHRrfd8_FeKIiQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.110953 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3VJdseHRrfd8_FeKIiQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.624346 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3VJdseHRrfd8_FeKIigAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.624533 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3VJdseHRrfd8_FeKIigAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.624789 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3VJdseHRrfd8_FeKIigAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:00.624992 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3VJdseHRrfd8_FeKIigAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.145049 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3VZdseHRrfd8_FeKIiwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.145271 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3VZdseHRrfd8_FeKIiwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.145554 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3VZdseHRrfd8_FeKIiwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.145805 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3VZdseHRrfd8_FeKIiwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.650320 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3VZdseHRrfd8_FeKIjAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.650655 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3VZdseHRrfd8_FeKIjAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:01.650880 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3VZdseHRrfd8_FeKIjAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.155698 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3VpdseHRrfd8_FeKIjQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.155960 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3VpdseHRrfd8_FeKIjQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.156172 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3VpdseHRrfd8_FeKIjQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.672600 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3VpdseHRrfd8_FeKIjgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.672807 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3VpdseHRrfd8_FeKIjgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.673054 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3VpdseHRrfd8_FeKIjgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:02.673266 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3VpdseHRrfd8_FeKIjgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.180632 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3V5dseHRrfd8_FeKIjwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.180819 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3V5dseHRrfd8_FeKIjwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.181078 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3V5dseHRrfd8_FeKIjwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.181267 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3V5dseHRrfd8_FeKIjwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.688286 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3V5dseHRrfd8_FeKIkAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.688540 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3V5dseHRrfd8_FeKIkAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:03.688749 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3V5dseHRrfd8_FeKIkAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.195232 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3WJdseHRrfd8_FeKIkQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.195497 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3WJdseHRrfd8_FeKIkQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.195694 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3WJdseHRrfd8_FeKIkQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.708238 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3WJdseHRrfd8_FeKIkgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.708437 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3WJdseHRrfd8_FeKIkgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.708687 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3WJdseHRrfd8_FeKIkgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:04.708925 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3WJdseHRrfd8_FeKIkgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.217321 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3WZdseHRrfd8_FeKIkwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.217510 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3WZdseHRrfd8_FeKIkwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.217753 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3WZdseHRrfd8_FeKIkwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.217963 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3WZdseHRrfd8_FeKIkwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.727260 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3WZdseHRrfd8_FeKIlAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.727520 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3WZdseHRrfd8_FeKIlAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:05.727721 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3WZdseHRrfd8_FeKIlAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.246855 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3WpdseHRrfd8_FeKIlQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.247123 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3WpdseHRrfd8_FeKIlQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.247361 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3WpdseHRrfd8_FeKIlQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.752301 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3WpdseHRrfd8_FeKIlgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.752540 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3WpdseHRrfd8_FeKIlgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.752903 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3WpdseHRrfd8_FeKIlgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:06.753148 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3WpdseHRrfd8_FeKIlgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.263362 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3W5dseHRrfd8_FeKIlwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.263563 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3W5dseHRrfd8_FeKIlwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.263833 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3W5dseHRrfd8_FeKIlwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.264046 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3W5dseHRrfd8_FeKIlwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.777628 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3W5dseHRrfd8_FeKImAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.777899 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3W5dseHRrfd8_FeKImAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:07.778113 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3W5dseHRrfd8_FeKImAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.308586 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3XJdseHRrfd8_FeKImQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.308855 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3XJdseHRrfd8_FeKImQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.309077 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3XJdseHRrfd8_FeKImQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.816006 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3XJdseHRrfd8_FeKImgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.816195 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3XJdseHRrfd8_FeKImgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.816436 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3XJdseHRrfd8_FeKImgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:08.816680 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3XJdseHRrfd8_FeKImgAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.321263 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3XZdseHRrfd8_FeKImwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.321465 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3XZdseHRrfd8_FeKImwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.321713 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3XZdseHRrfd8_FeKImwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.321923 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3XZdseHRrfd8_FeKImwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.827818 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3XZdseHRrfd8_FeKInAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.828107 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3XZdseHRrfd8_FeKInAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:09.828338 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3XZdseHRrfd8_FeKInAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.335612 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3XpdseHRrfd8_FeKInQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.335875 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3XpdseHRrfd8_FeKInQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.336082 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3XpdseHRrfd8_FeKInQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.852488 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3XpdseHRrfd8_FeKIngAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.852724 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3XpdseHRrfd8_FeKIngAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.852982 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3XpdseHRrfd8_FeKIngAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:10.853209 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3XpdseHRrfd8_FeKIngAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.371261 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3X5dseHRrfd8_FeKInwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.371460 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3X5dseHRrfd8_FeKInwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.371719 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3X5dseHRrfd8_FeKInwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.371936 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3X5dseHRrfd8_FeKInwAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.885476 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3X5dseHRrfd8_FeKIoAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.885733 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3X5dseHRrfd8_FeKIoAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:11.885942 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3X5dseHRrfd8_FeKIoAAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.391303 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3YJdseHRrfd8_FeKIoQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.391629 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3YJdseHRrfd8_FeKIoQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.391880 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3YJdseHRrfd8_FeKIoQAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.905575 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3YJdseHRrfd8_FeKIogAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.905774 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3YJdseHRrfd8_FeKIogAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.906029 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3YJdseHRrfd8_FeKIogAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:12.906249 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3YJdseHRrfd8_FeKIogAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:13.528714 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3YZdseHRrfd8_FeKIowAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:13.528912 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3YZdseHRrfd8_FeKIowAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:13.529162 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3YZdseHRrfd8_FeKIowAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:13.529365 2025] [:error] [pid 3882091] [client 13.212.120.214:35148] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3YZdseHRrfd8_FeKIowAAAAY"], referer: https://www.google.com/
[Thu Oct 30 20:07:19.664449 2025] [:error] [pid 3884129] [client 13.212.120.214:40568] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQO3Z2KXcG4E0zicfJUK0QAAAAE"], referer: https://www.google.com/
[Thu Oct 30 20:07:19.664702 2025] [:error] [pid 3884129] [client 13.212.120.214:40568] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQO3Z2KXcG4E0zicfJUK0QAAAAE"], referer: https://www.google.com/
[Thu Oct 30 20:07:19.664906 2025] [:error] [pid 3884129] [client 13.212.120.214:40568] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQO3Z2KXcG4E0zicfJUK0QAAAAE"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.227882 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3iEIRheG_olLGGo-loQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.228160 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3iEIRheG_olLGGo-loQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.228343 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQO3iEIRheG_olLGGo-loQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.741792 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3iEIRheG_olLGGo-logAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.742066 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3iEIRheG_olLGGo-logAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:52.742249 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aQO3iEIRheG_olLGGo-logAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.301676 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3iUIRheG_olLGGo-lowAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.301962 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3iUIRheG_olLGGo-lowAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.302145 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aQO3iUIRheG_olLGGo-lowAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.885862 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3iUIRheG_olLGGo-lpAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.886178 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3iUIRheG_olLGGo-lpAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:53.886457 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aQO3iUIRheG_olLGGo-lpAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.431332 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3ikIRheG_olLGGo-lpQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.431587 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3ikIRheG_olLGGo-lpQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.431815 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aQO3ikIRheG_olLGGo-lpQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.978394 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3ikIRheG_olLGGo-lpgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.978662 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3ikIRheG_olLGGo-lpgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:54.978884 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aQO3ikIRheG_olLGGo-lpgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:55.539663 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3i0IRheG_olLGGo-lpwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:55.539949 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3i0IRheG_olLGGo-lpwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:55.540180 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aQO3i0IRheG_olLGGo-lpwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.097861 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3jEIRheG_olLGGo-lqAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.098111 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3jEIRheG_olLGGo-lqAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.098298 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aQO3jEIRheG_olLGGo-lqAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.615484 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3jEIRheG_olLGGo-lqQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.615678 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3jEIRheG_olLGGo-lqQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.615917 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3jEIRheG_olLGGo-lqQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:56.616127 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aQO3jEIRheG_olLGGo-lqQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.253134 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3jUIRheG_olLGGo-lqgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.253388 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3jUIRheG_olLGGo-lqgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.253584 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aQO3jUIRheG_olLGGo-lqgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.773103 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3jUIRheG_olLGGo-lqwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.777300 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3jUIRheG_olLGGo-lqwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:57.777514 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aQO3jUIRheG_olLGGo-lqwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.358851 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3jkIRheG_olLGGo-lrAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.359036 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3jkIRheG_olLGGo-lrAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.359271 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3jkIRheG_olLGGo-lrAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.359457 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aQO3jkIRheG_olLGGo-lrAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.895339 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3jkIRheG_olLGGo-lrQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.895526 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3jkIRheG_olLGGo-lrQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.895766 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3jkIRheG_olLGGo-lrQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:58.895951 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQO3jkIRheG_olLGGo-lrQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:59.462507 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3j0IRheG_olLGGo-lrgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:59.462890 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3j0IRheG_olLGGo-lrgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:07:59.463172 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aQO3j0IRheG_olLGGo-lrgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.019662 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3kEIRheG_olLGGo-lrwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.019932 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3kEIRheG_olLGGo-lrwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.020138 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aQO3kEIRheG_olLGGo-lrwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.550238 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3kEIRheG_olLGGo-lsAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.550465 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3kEIRheG_olLGGo-lsAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.550710 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3kEIRheG_olLGGo-lsAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:00.550918 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aQO3kEIRheG_olLGGo-lsAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.119759 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3kUIRheG_olLGGo-lsQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.120018 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3kUIRheG_olLGGo-lsQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.120218 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aQO3kUIRheG_olLGGo-lsQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.669882 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3kUIRheG_olLGGo-lsgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.670137 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3kUIRheG_olLGGo-lsgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:01.670331 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aQO3kUIRheG_olLGGo-lsgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.221492 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3kkIRheG_olLGGo-lswAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.221765 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3kkIRheG_olLGGo-lswAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.221966 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aQO3kkIRheG_olLGGo-lswAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.805141 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3kkIRheG_olLGGo-ltAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.805400 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3kkIRheG_olLGGo-ltAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:02.805592 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aQO3kkIRheG_olLGGo-ltAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.332204 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3k0IRheG_olLGGo-ltQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.332466 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3k0IRheG_olLGGo-ltQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.332665 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aQO3k0IRheG_olLGGo-ltQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.891469 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3k0IRheG_olLGGo-ltgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.891654 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3k0IRheG_olLGGo-ltgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.891922 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3k0IRheG_olLGGo-ltgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:03.892112 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aQO3k0IRheG_olLGGo-ltgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:04.433505 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3lEIRheG_olLGGo-ltwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:04.433728 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3lEIRheG_olLGGo-ltwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:04.434034 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3lEIRheG_olLGGo-ltwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:04.434261 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aQO3lEIRheG_olLGGo-ltwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.052999 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3lUIRheG_olLGGo-luAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.053270 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3lUIRheG_olLGGo-luAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.053473 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aQO3lUIRheG_olLGGo-luAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.594840 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3lUIRheG_olLGGo-luQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.595092 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3lUIRheG_olLGGo-luQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:05.595284 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aQO3lUIRheG_olLGGo-luQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.122573 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3lkIRheG_olLGGo-lugAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.122797 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3lkIRheG_olLGGo-lugAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.123101 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3lkIRheG_olLGGo-lugAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.123318 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aQO3lkIRheG_olLGGo-lugAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.660147 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3lkIRheG_olLGGo-luwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.660343 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3lkIRheG_olLGGo-luwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.661247 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3lkIRheG_olLGGo-luwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:06.661475 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aQO3lkIRheG_olLGGo-luwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.293019 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3l0IRheG_olLGGo-lvAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.293287 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3l0IRheG_olLGGo-lvAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.293481 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aQO3l0IRheG_olLGGo-lvAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.899779 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3l0IRheG_olLGGo-lvQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.900061 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3l0IRheG_olLGGo-lvQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:07.900291 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aQO3l0IRheG_olLGGo-lvQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:08.439280 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3mEIRheG_olLGGo-lvgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:08.439495 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3mEIRheG_olLGGo-lvgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:08.439792 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3mEIRheG_olLGGo-lvgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:08.440020 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aQO3mEIRheG_olLGGo-lvgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.036965 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3mUIRheG_olLGGo-lvwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.037163 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3mUIRheG_olLGGo-lvwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.037432 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3mUIRheG_olLGGo-lvwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.037638 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aQO3mUIRheG_olLGGo-lvwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.822045 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3mUIRheG_olLGGo-lwAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.822458 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3mUIRheG_olLGGo-lwAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:09.822739 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aQO3mUIRheG_olLGGo-lwAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:10.958533 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3mkIRheG_olLGGo-lwQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:10.958813 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3mkIRheG_olLGGo-lwQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:10.959012 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aQO3mkIRheG_olLGGo-lwQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:11.520388 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3m0IRheG_olLGGo-lwgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:11.520572 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3m0IRheG_olLGGo-lwgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:11.520859 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3m0IRheG_olLGGo-lwgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:11.521065 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aQO3m0IRheG_olLGGo-lwgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.070366 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3nEIRheG_olLGGo-lwwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.070569 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3nEIRheG_olLGGo-lwwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.070865 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3nEIRheG_olLGGo-lwwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.071077 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aQO3nEIRheG_olLGGo-lwwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.645765 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3nEIRheG_olLGGo-lxAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.646022 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3nEIRheG_olLGGo-lxAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:12.646255 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aQO3nEIRheG_olLGGo-lxAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.208682 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3nUIRheG_olLGGo-lxQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.208956 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3nUIRheG_olLGGo-lxQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.209141 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aQO3nUIRheG_olLGGo-lxQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.730648 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3nUIRheG_olLGGo-lxgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.730832 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3nUIRheG_olLGGo-lxgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.731068 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3nUIRheG_olLGGo-lxgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:13.731259 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aQO3nUIRheG_olLGGo-lxgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.242605 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3nkIRheG_olLGGo-lxwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.242813 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3nkIRheG_olLGGo-lxwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.243125 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3nkIRheG_olLGGo-lxwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.243341 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aQO3nkIRheG_olLGGo-lxwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.765917 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3nkIRheG_olLGGo-lyAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.766172 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3nkIRheG_olLGGo-lyAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:14.766416 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aQO3nkIRheG_olLGGo-lyAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.329036 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3n0IRheG_olLGGo-lyQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.329354 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3n0IRheG_olLGGo-lyQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.329605 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aQO3n0IRheG_olLGGo-lyQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.874697 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3n0IRheG_olLGGo-lygAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.875011 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3n0IRheG_olLGGo-lygAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.875407 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3n0IRheG_olLGGo-lygAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:15.875696 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aQO3n0IRheG_olLGGo-lygAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:16.489571 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3oEIRheG_olLGGo-lywAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:16.489763 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3oEIRheG_olLGGo-lywAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:16.490040 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3oEIRheG_olLGGo-lywAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:16.490269 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aQO3oEIRheG_olLGGo-lywAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.146324 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3oUIRheG_olLGGo-lzAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.146618 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3oUIRheG_olLGGo-lzAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.147493 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aQO3oUIRheG_olLGGo-lzAAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.735089 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3oUIRheG_olLGGo-lzQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.735349 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3oUIRheG_olLGGo-lzQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:17.735568 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aQO3oUIRheG_olLGGo-lzQAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.319225 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3okIRheG_olLGGo-lzgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.319421 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3okIRheG_olLGGo-lzgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.319674 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3okIRheG_olLGGo-lzgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.319914 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aQO3okIRheG_olLGGo-lzgAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.966928 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3okIRheG_olLGGo-lzwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.967146 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3okIRheG_olLGGo-lzwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.967408 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3okIRheG_olLGGo-lzwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:18.967608 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aQO3okIRheG_olLGGo-lzwAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:19.518020 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3o0IRheG_olLGGo-l0AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:19.518268 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3o0IRheG_olLGGo-l0AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:19.518497 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aQO3o0IRheG_olLGGo-l0AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.050459 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3pEIRheG_olLGGo-l0QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.050740 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3pEIRheG_olLGGo-l0QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.050950 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aQO3pEIRheG_olLGGo-l0QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.588271 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3pEIRheG_olLGGo-l0gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.588473 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3pEIRheG_olLGGo-l0gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.588725 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3pEIRheG_olLGGo-l0gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:20.588923 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aQO3pEIRheG_olLGGo-l0gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:21.332816 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3pUIRheG_olLGGo-l0wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:21.333009 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3pUIRheG_olLGGo-l0wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:21.333260 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3pUIRheG_olLGGo-l0wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:21.333472 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aQO3pUIRheG_olLGGo-l0wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.041260 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3pkIRheG_olLGGo-l1AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.041516 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3pkIRheG_olLGGo-l1AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.041734 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aQO3pkIRheG_olLGGo-l1AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.561191 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3pkIRheG_olLGGo-l1QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.561454 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3pkIRheG_olLGGo-l1QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:22.561660 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aQO3pkIRheG_olLGGo-l1QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.143553 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3p0IRheG_olLGGo-l1gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.143740 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3p0IRheG_olLGGo-l1gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.143993 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3p0IRheG_olLGGo-l1gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.144201 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aQO3p0IRheG_olLGGo-l1gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.803757 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3p0IRheG_olLGGo-l1wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.803955 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3p0IRheG_olLGGo-l1wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.804210 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3p0IRheG_olLGGo-l1wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:23.804407 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aQO3p0IRheG_olLGGo-l1wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.379295 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3qEIRheG_olLGGo-l2AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.379563 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3qEIRheG_olLGGo-l2AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.379780 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aQO3qEIRheG_olLGGo-l2AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.929722 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3qEIRheG_olLGGo-l2QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.930030 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3qEIRheG_olLGGo-l2QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:24.930263 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aQO3qEIRheG_olLGGo-l2QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:25.545220 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3qUIRheG_olLGGo-l2gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:25.545419 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3qUIRheG_olLGGo-l2gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:25.545664 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3qUIRheG_olLGGo-l2gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:25.545857 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aQO3qUIRheG_olLGGo-l2gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.159301 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3qkIRheG_olLGGo-l2wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.159488 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3qkIRheG_olLGGo-l2wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.159740 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3qkIRheG_olLGGo-l2wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.159941 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aQO3qkIRheG_olLGGo-l2wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.830992 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3qkIRheG_olLGGo-l3AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.831253 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3qkIRheG_olLGGo-l3AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:26.831443 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aQO3qkIRheG_olLGGo-l3AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.358104 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3q0IRheG_olLGGo-l3QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.358449 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3q0IRheG_olLGGo-l3QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.359105 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aQO3q0IRheG_olLGGo-l3QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.886040 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3q0IRheG_olLGGo-l3gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.886238 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3q0IRheG_olLGGo-l3gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.886522 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3q0IRheG_olLGGo-l3gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:27.886721 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aQO3q0IRheG_olLGGo-l3gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.421677 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3rEIRheG_olLGGo-l3wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.421894 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3rEIRheG_olLGGo-l3wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.422145 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3rEIRheG_olLGGo-l3wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.422369 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aQO3rEIRheG_olLGGo-l3wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.959324 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3rEIRheG_olLGGo-l4AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.959618 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3rEIRheG_olLGGo-l4AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:28.959826 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aQO3rEIRheG_olLGGo-l4AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:29.580268 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3rUIRheG_olLGGo-l4QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:29.580544 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3rUIRheG_olLGGo-l4QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:29.580752 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aQO3rUIRheG_olLGGo-l4QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.149743 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3rkIRheG_olLGGo-l4gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.149969 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3rkIRheG_olLGGo-l4gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.150228 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3rkIRheG_olLGGo-l4gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.150508 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aQO3rkIRheG_olLGGo-l4gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.801892 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3rkIRheG_olLGGo-l4wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.802103 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3rkIRheG_olLGGo-l4wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.802382 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3rkIRheG_olLGGo-l4wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:30.802583 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aQO3rkIRheG_olLGGo-l4wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.362741 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3r0IRheG_olLGGo-l5AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.363009 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3r0IRheG_olLGGo-l5AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.363208 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aQO3r0IRheG_olLGGo-l5AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.927124 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3r0IRheG_olLGGo-l5QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.927391 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3r0IRheG_olLGGo-l5QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:31.927585 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aQO3r0IRheG_olLGGo-l5QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:32.516521 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3sEIRheG_olLGGo-l5gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:32.516719 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3sEIRheG_olLGGo-l5gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:32.516973 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3sEIRheG_olLGGo-l5gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:32.517184 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aQO3sEIRheG_olLGGo-l5gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.055389 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3sUIRheG_olLGGo-l5wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.055577 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3sUIRheG_olLGGo-l5wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.055815 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3sUIRheG_olLGGo-l5wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.056003 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aQO3sUIRheG_olLGGo-l5wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.560038 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3sUIRheG_olLGGo-l6AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.560315 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3sUIRheG_olLGGo-l6AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:33.560526 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aQO3sUIRheG_olLGGo-l6AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.081745 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3skIRheG_olLGGo-l6QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.082046 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3skIRheG_olLGGo-l6QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.082263 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aQO3skIRheG_olLGGo-l6QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.642886 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3skIRheG_olLGGo-l6gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.643108 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3skIRheG_olLGGo-l6gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.643368 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3skIRheG_olLGGo-l6gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:34.643583 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aQO3skIRheG_olLGGo-l6gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.216306 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3s0IRheG_olLGGo-l6wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.216504 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3s0IRheG_olLGGo-l6wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.216744 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3s0IRheG_olLGGo-l6wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.216994 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aQO3s0IRheG_olLGGo-l6wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.783901 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3s0IRheG_olLGGo-l7AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.784165 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3s0IRheG_olLGGo-l7AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:35.784397 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aQO3s0IRheG_olLGGo-l7AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:36.442330 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3tEIRheG_olLGGo-l7QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:36.442637 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3tEIRheG_olLGGo-l7QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:36.442853 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aQO3tEIRheG_olLGGo-l7QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.031223 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3tUIRheG_olLGGo-l7gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.031431 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3tUIRheG_olLGGo-l7gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.031710 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3tUIRheG_olLGGo-l7gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.031942 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aQO3tUIRheG_olLGGo-l7gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.672481 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3tUIRheG_olLGGo-l7wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.672675 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3tUIRheG_olLGGo-l7wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.672937 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3tUIRheG_olLGGo-l7wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:37.673136 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aQO3tUIRheG_olLGGo-l7wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.211459 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3tkIRheG_olLGGo-l8AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.211775 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3tkIRheG_olLGGo-l8AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.211987 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aQO3tkIRheG_olLGGo-l8AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.745766 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3tkIRheG_olLGGo-l8QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.746027 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3tkIRheG_olLGGo-l8QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:38.746232 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aQO3tkIRheG_olLGGo-l8QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.282710 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3t0IRheG_olLGGo-l8gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.282908 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3t0IRheG_olLGGo-l8gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.283157 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3t0IRheG_olLGGo-l8gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.283357 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aQO3t0IRheG_olLGGo-l8gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.939639 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3t0IRheG_olLGGo-l8wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.939843 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3t0IRheG_olLGGo-l8wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.940087 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3t0IRheG_olLGGo-l8wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:39.940296 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aQO3t0IRheG_olLGGo-l8wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:40.545989 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3uEIRheG_olLGGo-l9AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:40.546268 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3uEIRheG_olLGGo-l9AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:40.546531 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aQO3uEIRheG_olLGGo-l9AAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.113448 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3uUIRheG_olLGGo-l9QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.113728 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3uUIRheG_olLGGo-l9QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.113957 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aQO3uUIRheG_olLGGo-l9QAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.660950 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3uUIRheG_olLGGo-l9gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.661148 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3uUIRheG_olLGGo-l9gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.661427 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3uUIRheG_olLGGo-l9gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:41.661679 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aQO3uUIRheG_olLGGo-l9gAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:42.249095 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3ukIRheG_olLGGo-l9wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:42.249371 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3ukIRheG_olLGGo-l9wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:42.249735 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3ukIRheG_olLGGo-l9wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:42.250011 2025] [:error] [pid 3884461] [client 13.212.120.214:43602] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aQO3ukIRheG_olLGGo-l9wAAAAI"], referer: https://www.google.com/
[Thu Oct 30 20:08:57.663298 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aQO3yTBYe33Xoy6JQHQ2xAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:57.663696 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aQO3yTBYe33Xoy6JQHQ2xAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:57.663899 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aQO3yTBYe33Xoy6JQHQ2xAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.240465 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.240856 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.241070 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.824103 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xgAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.824529 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xgAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:58.824737 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aQO3yjBYe33Xoy6JQHQ2xgAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:59.465777 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aQO3yzBYe33Xoy6JQHQ2xwAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:59.466194 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aQO3yzBYe33Xoy6JQHQ2xwAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:08:59.466443 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aQO3yzBYe33Xoy6JQHQ2xwAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.090018 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.090449 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.090694 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.688929 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.689332 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:00.689535 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aQO3zDBYe33Xoy6JQHQ2yQAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.291428 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ygAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.291815 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ygAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.292010 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ygAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.916443 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ywAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.916846 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ywAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:01.917051 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aQO3zTBYe33Xoy6JQHQ2ywAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:04.948674 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aQO30DBYe33Xoy6JQHQ20AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:04.949073 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aQO30DBYe33Xoy6JQHQ20AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:04.949277 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aQO30DBYe33Xoy6JQHQ20AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:05.570166 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aQO30TBYe33Xoy6JQHQ20QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:05.570601 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aQO30TBYe33Xoy6JQHQ20QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:05.570806 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aQO30TBYe33Xoy6JQHQ20QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.124381 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.124817 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.125011 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.746997 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.747380 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:06.747572 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aQO30jBYe33Xoy6JQHQ20wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:09.697094 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aQO31TBYe33Xoy6JQHQ22AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:09.697512 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aQO31TBYe33Xoy6JQHQ22AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:09.697748 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aQO31TBYe33Xoy6JQHQ22AAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:10.742023 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aQO31jBYe33Xoy6JQHQ22QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:10.742468 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aQO31jBYe33Xoy6JQHQ22QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:10.742686 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aQO31jBYe33Xoy6JQHQ22QAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.246937 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.247338 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.247541 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22gAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.756073 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.756465 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:11.756701 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aQO31zBYe33Xoy6JQHQ22wAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:37.508105 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQO38TBYe33Xoy6JQHQ3DAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:37.508381 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQO38TBYe33Xoy6JQHQ3DAAAAAM"], referer: https://www.google.com/
[Thu Oct 30 20:09:37.508598 2025] [:error] [pid 3882090] [client 13.212.120.214:48200] [client 13.212.120.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQO38TBYe33Xoy6JQHQ3DAAAAAM"], referer: https://www.google.com/
[Fri Oct 31 04:36:14.779155 2025] [:error] [pid 3895204] [client 216.81.245.142:38878] [client 216.81.245.142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQQurnfEYHEveUY117iDWgAAAAI"]
[Fri Oct 31 04:36:14.779431 2025] [:error] [pid 3895204] [client 216.81.245.142:38878] [client 216.81.245.142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQQurnfEYHEveUY117iDWgAAAAI"]
[Fri Oct 31 04:36:14.779599 2025] [:error] [pid 3895204] [client 216.81.245.142:38878] [client 216.81.245.142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQQurnfEYHEveUY117iDWgAAAAI"]
[Sat Nov 01 04:21:19.387867 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r74dCcojC-7kHTMDswAAAAw"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.388199 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r74dCcojC-7kHTMDswAAAAw"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.388389 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r74dCcojC-7kHTMDswAAAAw"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.390657 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r90lSZ32i2w189kTPQAAAAE"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:19.390980 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r90lSZ32i2w189kTPQAAAAE"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:19.391164 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r90lSZ32i2w189kTPQAAAAE"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:19.853254 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8r74dCcojC-7kHTMDtwAAAAw"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 04:21:19.853546 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8r74dCcojC-7kHTMDtwAAAAw"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 04:21:19.853721 2025] [:error] [pid 3920971] [client 130.131.162.253:32844] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8r74dCcojC-7kHTMDtwAAAAw"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 04:21:19.857896 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r90lSZ32i2w189kTQQAAAAE"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.858126 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r90lSZ32i2w189kTQQAAAAE"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.858274 2025] [:error] [pid 3921580] [client 130.131.162.253:32858] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQV8r90lSZ32i2w189kTQQAAAAE"], referer: http://pms.test.indacotrentino.com/.env
[Sat Nov 01 04:21:19.973555 2025] [:error] [pid 3921581] [client 130.131.162.253:32874] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r48E9GZqRP38TFWiJAAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:19.973904 2025] [:error] [pid 3921581] [client 130.131.162.253:32874] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r48E9GZqRP38TFWiJAAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:19.974088 2025] [:error] [pid 3921581] [client 130.131.162.253:32874] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aQV8r48E9GZqRP38TFWiJAAAAAM"], referer: http://pms.test.indacotrentino.com/wp-config.php
[Sat Nov 01 04:21:20.094846 2025] [:error] [pid 3921582] [client 130.131.162.253:32814] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8sB9l7NL2QvnI7bOj1QAAAAs"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 04:21:20.095066 2025] [:error] [pid 3921582] [client 130.131.162.253:32814] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8sB9l7NL2QvnI7bOj1QAAAAs"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 04:21:20.095211 2025] [:error] [pid 3921582] [client 130.131.162.253:32814] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aQV8sB9l7NL2QvnI7bOj1QAAAAs"], referer: http://pms.test.indacotrentino.com/.git/config
[Sat Nov 01 05:06:38.804173 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHToKXGH1fLUOqf07qHgAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:38.804563 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHToKXGH1fLUOqf07qHgAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:38.804748 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHToKXGH1fLUOqf07qHgAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:39.302270 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.302505 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.302672 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewaQAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.302795 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.302958 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.302960 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewaQAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.303123 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewaQAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.427978 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT0uA_OeHr14qf4ewagAAAAQ"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.428162 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT0uA_OeHr14qf4ewagAAAAQ"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.428379 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT0uA_OeHr14qf4ewagAAAAQ"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.428544 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT0uA_OeHr14qf4ewagAAAAQ"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.549098 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Matched phrase ".gitconfig" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .gitconfig found within REQUEST_FILENAME: /.gitconfig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHT4KXGH1fLUOqf07qIwAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:39.549338 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHT4KXGH1fLUOqf07qIwAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:39.549526 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitconfig"] [unique_id "aQWHT4KXGH1fLUOqf07qIwAAAAA"], referer: http://pms.test.indacotrentino.com/.gitconfig
[Sat Nov 01 05:06:39.835201 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewbAAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.835443 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewbAAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.835609 2025] [:error] [pid 3922232] [client 130.131.162.253:36398] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/composer.json"] [unique_id "aQWHT0uA_OeHr14qf4ewbAAAAAQ"], referer: http://pms.test.indacotrentino.com/composer.json
[Sat Nov 01 05:06:39.836667 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOwAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.836861 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOwAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.837069 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOwAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.837213 2025] [:error] [pid 3922231] [client 130.131.162.253:36384] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aQWHTzlbRJLy6h9FqU8XOwAAAAI"], referer: http://pms.test.indacotrentino.com/.env.bak
[Sat Nov 01 05:06:39.957173 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT4KXGH1fLUOqf07qJQAAAAA"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.957397 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT4KXGH1fLUOqf07qJQAAAAA"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.957697 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT4KXGH1fLUOqf07qJQAAAAA"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:06:39.957916 2025] [:error] [pid 3922230] [client 130.131.162.253:36418] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aQWHT4KXGH1fLUOqf07qJQAAAAA"], referer: http://pms.test.indacotrentino.com/web.config
[Sat Nov 01 05:36:27.152783 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOS_Rb_33NrC84WVbEiAAAAAI"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:27.153156 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOS_Rb_33NrC84WVbEiAAAAAI"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:27.153387 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOS_Rb_33NrC84WVbEiAAAAAI"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:27.269903 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOS_Rb_33NrC84WVbEiQAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:27.270210 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOS_Rb_33NrC84WVbEiQAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:27.271212 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOS_Rb_33NrC84WVbEiQAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:27.395255 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEigAAAAI"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:27.395548 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEigAAAAI"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:27.395753 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEigAAAAI"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:27.658517 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOS__3lbuXlxdHFSS98AAAAAc"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:27.658830 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOS__3lbuXlxdHFSS98AAAAAc"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:27.659019 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOS__3lbuXlxdHFSS98AAAAAc"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:27.968341 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEjQAAAAI"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat Nov 01 05:36:27.968590 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEjQAAAAI"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat Nov 01 05:36:27.968777 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOS_Rb_33NrC84WVbEjQAAAAI"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat Nov 01 05:36:28.157554 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOTP_3lbuXlxdHFSS98gAAAAc"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:28.157557 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-config.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOTPRb_33NrC84WVbEjgAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:28.157825 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOTP_3lbuXlxdHFSS98gAAAAc"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:28.157827 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOTPRb_33NrC84WVbEjgAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:28.157996 2025] [:error] [pid 3922690] [client 130.131.162.253:33634] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aQWOTP_3lbuXlxdHFSS98gAAAAc"], referer: http://pms.test.indacotrentino.com/.aws/credentials
[Sat Nov 01 05:36:28.158008 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env-config.js"] [unique_id "aQWOTPRb_33NrC84WVbEjgAAAAI"], referer: http://pms.test.indacotrentino.com/.env-config.js
[Sat Nov 01 05:36:28.159500 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9QAAAAg"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:28.159721 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9QAAAAg"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:28.159879 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9QAAAAg"], referer: http://pms.test.indacotrentino.com/config/parameters.yml
[Sat Nov 01 05:36:28.460438 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.js"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOTPRb_33NrC84WVbEkAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:28.460711 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOTPRb_33NrC84WVbEkAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:28.460888 2025] [:error] [pid 3922689] [client 130.131.162.253:33622] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.js"] [unique_id "aQWOTPRb_33NrC84WVbEkAAAAAI"], referer: http://pms.test.indacotrentino.com/.env.js
[Sat Nov 01 05:36:28.461777 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9wAAAAg"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat Nov 01 05:36:28.461987 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9wAAAAg"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Sat Nov 01 05:36:28.462126 2025] [:error] [pid 3922691] [client 130.131.162.253:33614] [client 130.131.162.253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/config/parameters.yml"] [unique_id "aQWOTKAjPtSezHL3mXea9wAAAAg"], referer: http://pms.test.indacotrentino.com/app/config/parameters.yml
[Mon Nov 03 00:46:05.360984 2025] [:error] [pid 3966435] [client 176.65.148.212:43674] [client 176.65.148.212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQftPcM8BL4vmzZaAOOD6QAAAAE"]
[Mon Nov 03 00:46:05.363460 2025] [:error] [pid 3966435] [client 176.65.148.212:43674] [client 176.65.148.212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQftPcM8BL4vmzZaAOOD6QAAAAE"]
[Mon Nov 03 00:46:05.363622 2025] [:error] [pid 3966435] [client 176.65.148.212:43674] [client 176.65.148.212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQftPcM8BL4vmzZaAOOD6QAAAAE"]
[Tue Nov 04 03:56:42.758928 2025] [:error] [pid 3994285] [client 204.76.203.25:44710] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQlrav0IK18ygWS6hem81AAAAAU"]
[Tue Nov 04 03:56:42.759210 2025] [:error] [pid 3994285] [client 204.76.203.25:44710] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQlrav0IK18ygWS6hem81AAAAAU"]
[Tue Nov 04 03:56:42.759375 2025] [:error] [pid 3994285] [client 204.76.203.25:44710] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQlrav0IK18ygWS6hem81AAAAAU"]
[Tue Nov 04 12:37:54.718173 2025] [:error] [pid 3995819] [client 204.76.203.25:47666] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQnlkoPL8DdHQvMuFvmiogAAAAo"]
[Tue Nov 04 12:37:54.718476 2025] [:error] [pid 3995819] [client 204.76.203.25:47666] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQnlkoPL8DdHQvMuFvmiogAAAAo"]
[Tue Nov 04 12:37:54.718663 2025] [:error] [pid 3995819] [client 204.76.203.25:47666] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQnlkoPL8DdHQvMuFvmiogAAAAo"]
[Wed Nov 05 04:54:23.238977 2025] [:error] [pid 4020886] [client 176.65.148.212:57740] [client 176.65.148.212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQrKb7E_cYygikjMt8IjfAAAAAU"]
[Wed Nov 05 04:54:23.239228 2025] [:error] [pid 4020886] [client 176.65.148.212:57740] [client 176.65.148.212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQrKb7E_cYygikjMt8IjfAAAAAU"]
[Wed Nov 05 04:54:23.239390 2025] [:error] [pid 4020886] [client 176.65.148.212:57740] [client 176.65.148.212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQrKb7E_cYygikjMt8IjfAAAAAU"]
[Wed Nov 05 12:38:31.010288 2025] [:error] [pid 4020852] [client 45.139.104.183:52676] [client 45.139.104.183] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQs3NyHDgcs_HU2djVvioQAAAAI"]
[Wed Nov 05 12:38:31.010634 2025] [:error] [pid 4020852] [client 45.139.104.183:52676] [client 45.139.104.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQs3NyHDgcs_HU2djVvioQAAAAI"]
[Wed Nov 05 12:38:31.010826 2025] [:error] [pid 4020852] [client 45.139.104.183:52676] [client 45.139.104.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQs3NyHDgcs_HU2djVvioQAAAAI"]
[Thu Nov 06 00:32:04.403041 2025] [:error] [pid 4043102] [client 45.139.104.183:57418] [client 45.139.104.183] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQvedCccahePVV866adLdwAAAAo"]
[Thu Nov 06 00:32:04.403423 2025] [:error] [pid 4043102] [client 45.139.104.183:57418] [client 45.139.104.183] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQvedCccahePVV866adLdwAAAAo"]
[Thu Nov 06 00:32:04.403629 2025] [:error] [pid 4043102] [client 45.139.104.183:57418] [client 45.139.104.183] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aQvedCccahePVV866adLdwAAAAo"]
[Sat Nov 08 02:06:17.968218 2025] [:error] [pid 4092331] [client 204.76.203.25:43984] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQ6XiXZ2xZEMJtGDymCBOAAAAAI"]
[Sat Nov 08 02:06:17.968498 2025] [:error] [pid 4092331] [client 204.76.203.25:43984] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQ6XiXZ2xZEMJtGDymCBOAAAAAI"]
[Sat Nov 08 02:06:17.968662 2025] [:error] [pid 4092331] [client 204.76.203.25:43984] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.gitignore"] [unique_id "aQ6XiXZ2xZEMJtGDymCBOAAAAAI"]
[Sun Nov 09 12:04:25.361391 2025] [:error] [pid 4125501] [client 176.65.148.212:60160] [client 176.65.148.212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRB1ORAovV8nduZQMtYrtgAAAAk"]
[Sun Nov 09 12:04:25.361668 2025] [:error] [pid 4125501] [client 176.65.148.212:60160] [client 176.65.148.212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRB1ORAovV8nduZQMtYrtgAAAAk"]
[Sun Nov 09 12:04:25.361855 2025] [:error] [pid 4125501] [client 176.65.148.212:60160] [client 176.65.148.212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRB1ORAovV8nduZQMtYrtgAAAAk"]
[Mon Nov 10 03:27:11.351554 2025] [:error] [pid 4146480] [client 204.76.203.25:37398] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRFNf8HX-pzvlplCoAYCYwAAAAE"]
[Mon Nov 10 03:27:11.351830 2025] [:error] [pid 4146480] [client 204.76.203.25:37398] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRFNf8HX-pzvlplCoAYCYwAAAAE"]
[Mon Nov 10 03:27:11.351998 2025] [:error] [pid 4146480] [client 204.76.203.25:37398] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRFNf8HX-pzvlplCoAYCYwAAAAE"]
[Tue Nov 11 05:34:44.840881 2025] [:error] [pid 4171502] [client 159.203.76.199:41298] [client 159.203.76.199] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRK85FsTDy9fjOoFkUk6fwAAAAA"]
[Tue Nov 11 05:34:44.841177 2025] [:error] [pid 4171502] [client 159.203.76.199:41298] [client 159.203.76.199] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRK85FsTDy9fjOoFkUk6fwAAAAA"]
[Tue Nov 11 05:34:44.841355 2025] [:error] [pid 4171502] [client 159.203.76.199:41298] [client 159.203.76.199] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aRK85FsTDy9fjOoFkUk6fwAAAAA"]
[Tue Nov 11 19:35:59.781752 2025] [:error] [pid 4187670] [client 62.60.131.162:63988] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_aFIbsmxi-FLcMIPQAAAAE"]
[Tue Nov 11 19:35:59.782999 2025] [:error] [pid 4187670] [client 62.60.131.162:63988] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_aFIbsmxi-FLcMIPQAAAAE"]
[Tue Nov 11 19:35:59.783218 2025] [:error] [pid 4187670] [client 62.60.131.162:63988] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCD_aFIbsmxi-FLcMIPQAAAAE"]
[Tue Nov 11 19:35:59.871668 2025] [:error] [pid 4182328] [client 62.60.131.162:61431] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aROCD0ItK4BSfhICLlAd0gAAAGs"]
[Tue Nov 11 19:35:59.871940 2025] [:error] [pid 4182328] [client 62.60.131.162:61431] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aROCD0ItK4BSfhICLlAd0gAAAGs"]
[Tue Nov 11 19:35:59.872113 2025] [:error] [pid 4182328] [client 62.60.131.162:61431] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aROCD0ItK4BSfhICLlAd0gAAAGs"]
[Tue Nov 11 19:36:00.001258 2025] [:error] [pid 4182356] [client 62.60.131.162:65191] [client 62.60.131.162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEG9XYEYRjvNy502eLAAAAIc"]
[Tue Nov 11 19:36:00.001466 2025] [:error] [pid 4182356] [client 62.60.131.162:65191] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEG9XYEYRjvNy502eLAAAAIc"]
[Tue Nov 11 19:36:00.001636 2025] [:error] [pid 4182356] [client 62.60.131.162:65191] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEG9XYEYRjvNy502eLAAAAIc"]
[Tue Nov 11 19:36:00.001805 2025] [:error] [pid 4182356] [client 62.60.131.162:65191] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aROCEG9XYEYRjvNy502eLAAAAIc"]
[Tue Nov 11 19:36:00.004601 2025] [:error] [pid 4182322] [client 62.60.131.162:65209] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEMigdidSJZS2nZXtrgAAAGU"]
[Tue Nov 11 19:36:00.004764 2025] [:error] [pid 4182322] [client 62.60.131.162:65209] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEMigdidSJZS2nZXtrgAAAGU"]
[Tue Nov 11 19:36:00.004922 2025] [:error] [pid 4182322] [client 62.60.131.162:65209] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aROCEMigdidSJZS2nZXtrgAAAGU"]
[Tue Nov 11 19:36:00.005251 2025] [:error] [pid 4187670] [client 62.60.131.162:65158] [client 62.60.131.162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEPaFIbsmxi-FLcMIQAAAAAE"]
[Tue Nov 11 19:36:00.005460 2025] [:error] [pid 4187670] [client 62.60.131.162:65158] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEPaFIbsmxi-FLcMIQAAAAAE"]
[Tue Nov 11 19:36:00.005616 2025] [:error] [pid 4187670] [client 62.60.131.162:65158] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aROCEPaFIbsmxi-FLcMIQAAAAAE"]
[Tue Nov 11 19:36:00.005706 2025] [authz_core:error] [pid 4187672] [client 62.60.131.162:65211] AH01630: client denied by server configuration: /var/www/pms.test.indaco.store/www/.htaccess
[Tue Nov 11 19:36:00.022504 2025] [:error] [pid 4182328] [client 62.60.131.162:65128] [client 62.60.131.162] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEEItK4BSfhICLlAd1QAAAGs"]
[Tue Nov 11 19:36:00.022801 2025] [:error] [pid 4182328] [client 62.60.131.162:65128] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEEItK4BSfhICLlAd1QAAAGs"]
[Tue Nov 11 19:36:00.022985 2025] [:error] [pid 4182328] [client 62.60.131.162:65128] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aROCEEItK4BSfhICLlAd1QAAAGs"]
[Tue Nov 11 19:36:00.031856 2025] [:error] [pid 4182364] [client 62.60.131.162:65204] [client 62.60.131.162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aROCECsl6PQGpCmoK3nmTwAAAI8"]
[Tue Nov 11 19:36:00.032276 2025] [:error] [pid 4182364] [client 62.60.131.162:65204] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aROCECsl6PQGpCmoK3nmTwAAAI8"]
[Tue Nov 11 19:36:00.032464 2025] [:error] [pid 4182364] [client 62.60.131.162:65204] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aROCECsl6PQGpCmoK3nmTwAAAI8"]
[Tue Nov 11 19:36:00.033340 2025] [:error] [pid 4182225] [client 62.60.131.162:65195] [client 62.60.131.162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aROCEJBAYZy5YS2tcjmeWQAAABU"]
[Tue Nov 11 19:36:00.033684 2025] [:error] [pid 4182225] [client 62.60.131.162:65195] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aROCEJBAYZy5YS2tcjmeWQAAABU"]
[Tue Nov 11 19:36:00.033848 2025] [:error] [pid 4182225] [client 62.60.131.162:65195] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aROCEJBAYZy5YS2tcjmeWQAAABU"]
[Tue Nov 11 19:36:00.059023 2025] [:error] [pid 4187672] [client 62.60.131.162:65201] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "46"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEP9n1sJ-njZs70xwnAAAAAU"]
[Tue Nov 11 19:36:00.059083 2025] [:error] [pid 4187672] [client 62.60.131.162:65201] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEP9n1sJ-njZs70xwnAAAAAU"]
[Tue Nov 11 19:36:00.059130 2025] [:error] [pid 4187672] [client 62.60.131.162:65201] [client 62.60.131.162] ModSecurity: Warning. Pattern match "(?:^|[\\\\/])\\\\.\\\\.(?:[\\\\/]|$)" at REQUEST_URI. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "69"] [id "930110"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEP9n1sJ-njZs70xwnAAAAAU"]
[Tue Nov 11 19:36:00.059764 2025] [:error] [pid 4187672] [client 62.60.131.162:65201] [client 62.60.131.162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEP9n1sJ-njZs70xwnAAAAAU"]
[Tue Nov 11 19:36:00.059911 2025] [:error] [pid 4187672] [client 62.60.131.162:65201] [client 62.60.131.162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 15, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/pms"] [unique_id "aROCEP9n1sJ-njZs70xwnAAAAAU"]
[Sun Nov 16 09:53:42.596679 2025] [:error] [pid 107821] [client 204.76.203.25:32970] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmRFp3H3z4ovC1MpeQmbgAAAA0"]
[Sun Nov 16 09:53:42.596965 2025] [:error] [pid 107821] [client 204.76.203.25:32970] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmRFp3H3z4ovC1MpeQmbgAAAA0"]
[Sun Nov 16 09:53:42.597138 2025] [:error] [pid 107821] [client 204.76.203.25:32970] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRmRFp3H3z4ovC1MpeQmbgAAAA0"]
[Mon Nov 17 15:13:39.653964 2025] [proxy:error] [pid 135562] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Mon Nov 17 15:13:39.654005 2025] [proxy_http:error] [pid 135562] [client 176.200.23.179:49017] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Nov 17 15:14:06.007001 2025] [proxy:error] [pid 128652] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Mon Nov 17 15:14:06.007051 2025] [proxy_http:error] [pid 128652] [client 176.200.23.179:49018] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Nov 17 15:14:20.696687 2025] [proxy:error] [pid 128649] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Mon Nov 17 15:14:20.696727 2025] [proxy_http:error] [pid 128649] [client 176.200.23.179:49019] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Nov 17 15:14:28.837868 2025] [proxy:error] [pid 128666] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Mon Nov 17 15:14:28.837898 2025] [proxy_http:error] [pid 128666] [client 176.200.23.179:49022] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Nov 17 18:43:20.355033 2025] [:error] [pid 140653] [client 34.172.109.36:35300] [client 34.172.109.36] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRteuBaXTKYzaW2l3eBTcAAAADc"]
[Mon Nov 17 18:43:20.356330 2025] [:error] [pid 140653] [client 34.172.109.36:35300] [client 34.172.109.36] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRteuBaXTKYzaW2l3eBTcAAAADc"]
[Mon Nov 17 18:43:20.356483 2025] [:error] [pid 140653] [client 34.172.109.36:35300] [client 34.172.109.36] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aRteuBaXTKYzaW2l3eBTcAAAADc"]
[Tue Nov 18 11:06:44.537837 2025] [proxy:error] [pid 160906] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 11:06:44.537881 2025] [proxy_http:error] [pid 160906] [client 176.200.23.179:49289] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Nov 18 15:20:11.784262 2025] [proxy:error] [pid 166224] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 15:20:11.784305 2025] [proxy_http:error] [pid 166224] [client 176.200.23.179:48682] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Nov 18 15:20:26.784965 2025] [proxy:error] [pid 160906] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 15:20:26.784994 2025] [proxy_http:error] [pid 160906] [client 176.200.23.179:48683] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Nov 18 15:20:33.455523 2025] [proxy:error] [pid 166202] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 15:20:33.455557 2025] [proxy_http:error] [pid 166202] [client 176.200.23.179:48684] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Nov 18 15:55:21.375063 2025] [proxy:error] [pid 163656] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 15:55:21.375108 2025] [proxy_http:error] [pid 163656] [client 176.200.23.179:48722] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue Nov 18 15:55:47.685704 2025] [proxy:error] [pid 166221] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Tue Nov 18 15:55:47.685739 2025] [proxy_http:error] [pid 166221] [client 176.200.23.179:48723] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:34:32.542521 2025] [proxy:error] [pid 179983] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:34:32.542560 2025] [proxy_http:error] [pid 179983] [client 87.11.27.29:60128] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:34:32.544499 2025] [proxy:error] [pid 179166] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:34:32.544516 2025] [proxy_http:error] [pid 179166] [client 87.11.27.29:60129] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:37:14.353781 2025] [proxy:error] [pid 178792] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:37:14.353814 2025] [proxy_http:error] [pid 178792] [client 87.11.27.29:49165] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:37:14.390583 2025] [proxy:error] [pid 184362] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:37:14.390616 2025] [proxy_http:error] [pid 184362] [client 87.11.27.29:49164] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:38:45.770602 2025] [proxy:error] [pid 179166] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:38:45.770634 2025] [proxy_http:error] [pid 179166] [client 87.11.27.29:54571] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Wed Nov 19 11:38:45.774517 2025] [proxy:error] [pid 179983] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:3005 (127.0.0.1:3005) failed
[Wed Nov 19 11:38:45.774535 2025] [proxy_http:error] [pid 179983] [client 87.11.27.29:54572] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon Nov 24 05:15:57.467711 2025] [:error] [pid 289434] [client 195.178.110.223:39426] [client 195.178.110.223] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSPb_Ukegqg-SpMlpG6ZbAAAAAU"]
[Mon Nov 24 05:15:57.468687 2025] [:error] [pid 289434] [client 195.178.110.223:39426] [client 195.178.110.223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSPb_Ukegqg-SpMlpG6ZbAAAAAU"]
[Mon Nov 24 05:15:57.468882 2025] [:error] [pid 289434] [client 195.178.110.223:39426] [client 195.178.110.223] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSPb_Ukegqg-SpMlpG6ZbAAAAAU"]
[Mon Nov 24 10:42:30.312154 2025] [:error] [pid 289420] [client 65.0.122.37:50172] [client 65.0.122.37] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQohtYYOaaNfnpwja-OEwAAAAE"]
[Mon Nov 24 10:42:30.312516 2025] [:error] [pid 289420] [client 65.0.122.37:50172] [client 65.0.122.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQohtYYOaaNfnpwja-OEwAAAAE"]
[Mon Nov 24 10:42:30.313212 2025] [:error] [pid 289420] [client 65.0.122.37:50172] [client 65.0.122.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQohtYYOaaNfnpwja-OEwAAAAE"]
[Mon Nov 24 11:27:37.397464 2025] [:error] [pid 289421] [client 65.0.122.37:55172] [client 65.0.122.37] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQzGcL1iBXL_RQpp4IGGgAAAAI"]
[Mon Nov 24 11:27:37.397720 2025] [:error] [pid 289421] [client 65.0.122.37:55172] [client 65.0.122.37] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQzGcL1iBXL_RQpp4IGGgAAAAI"]
[Mon Nov 24 11:27:37.397919 2025] [:error] [pid 289421] [client 65.0.122.37:55172] [client 65.0.122.37] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSQzGcL1iBXL_RQpp4IGGgAAAAI"]
[Mon Nov 24 14:21:10.157601 2025] [:error] [pid 289421] [client 45.144.212.58:39702] [client 45.144.212.58] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSRbxsL1iBXL_RQpp4IGQQAAAAI"]
[Mon Nov 24 14:21:10.157922 2025] [:error] [pid 289421] [client 45.144.212.58:39702] [client 45.144.212.58] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSRbxsL1iBXL_RQpp4IGQQAAAAI"]
[Mon Nov 24 14:21:10.158109 2025] [:error] [pid 289421] [client 45.144.212.58:39702] [client 45.144.212.58] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSRbxsL1iBXL_RQpp4IGQQAAAAI"]
[Wed Nov 26 10:20:08.297757 2025] [:error] [pid 336734] [client 162.158.87.188:13598] [client 162.158.87.188] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSbGSMVzR697olltB6JkmwAAAA8"]
[Wed Nov 26 10:20:08.298142 2025] [:error] [pid 336734] [client 162.158.87.188:13598] [client 162.158.87.188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSbGSMVzR697olltB6JkmwAAAA8"]
[Wed Nov 26 10:20:08.298370 2025] [:error] [pid 336734] [client 162.158.87.188:13598] [client 162.158.87.188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSbGSMVzR697olltB6JkmwAAAA8"]
[Thu Nov 27 21:11:43.569678 2025] [:error] [pid 362070] [client 3.96.197.169:50570] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSiwf37GWRIORDaPTtG7MQAAAAs"]
[Thu Nov 27 21:11:43.569922 2025] [:error] [pid 362070] [client 3.96.197.169:50570] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSiwf37GWRIORDaPTtG7MQAAAAs"]
[Thu Nov 27 21:11:43.570705 2025] [:error] [pid 362070] [client 3.96.197.169:50570] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSiwf37GWRIORDaPTtG7MQAAAAs"]
[Thu Nov 27 21:11:43.708012 2025] [:error] [pid 364938] [client 3.96.197.169:50572] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSiwf1EFdTVEtgaNa5gxGgAAAAc"]
[Thu Nov 27 21:11:43.708240 2025] [:error] [pid 364938] [client 3.96.197.169:50572] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSiwf1EFdTVEtgaNa5gxGgAAAAc"]
[Thu Nov 27 21:11:43.708419 2025] [:error] [pid 364938] [client 3.96.197.169:50572] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSiwf1EFdTVEtgaNa5gxGgAAAAc"]
[Thu Nov 27 21:11:43.709956 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSiwf-_UStX-GTeIAe_vCQAAAAY"]
[Thu Nov 27 21:11:43.710135 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSiwf-_UStX-GTeIAe_vCQAAAAY"]
[Thu Nov 27 21:11:43.710293 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSiwf-_UStX-GTeIAe_vCQAAAAY"]
[Thu Nov 27 21:11:44.714093 2025] [:error] [pid 362069] [client 3.96.197.169:50674] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSiwgLt0j3LvN_HNhHWZHQAAAAo"]
[Thu Nov 27 21:11:44.714382 2025] [:error] [pid 362069] [client 3.96.197.169:50674] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSiwgLt0j3LvN_HNhHWZHQAAAAo"]
[Thu Nov 27 21:11:44.714556 2025] [:error] [pid 362069] [client 3.96.197.169:50674] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSiwgLt0j3LvN_HNhHWZHQAAAAo"]
[Thu Nov 27 21:11:45.544912 2025] [:error] [pid 353187] [client 3.96.197.169:50798] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSiwgXjjVMPW7zDRgsawewAAAAM"]
[Thu Nov 27 21:11:45.545138 2025] [:error] [pid 353187] [client 3.96.197.169:50798] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSiwgXjjVMPW7zDRgsawewAAAAM"]
[Thu Nov 27 21:11:45.545319 2025] [:error] [pid 353187] [client 3.96.197.169:50798] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSiwgXjjVMPW7zDRgsawewAAAAM"]
[Thu Nov 27 21:11:45.789681 2025] [:error] [pid 364939] [client 3.96.197.169:50800] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSiwgRr_ze0xmC_DyvfLdgAAAA0"]
[Thu Nov 27 21:11:45.790015 2025] [:error] [pid 364939] [client 3.96.197.169:50800] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSiwgRr_ze0xmC_DyvfLdgAAAA0"]
[Thu Nov 27 21:11:45.790253 2025] [:error] [pid 364939] [client 3.96.197.169:50800] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSiwgRr_ze0xmC_DyvfLdgAAAA0"]
[Thu Nov 27 21:11:45.791545 2025] [:error] [pid 353188] [client 3.96.197.169:50796] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSiwgT4fHjXDucK3GWvWzwAAAAQ"]
[Thu Nov 27 21:11:45.791560 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSiwgXTG8IrOxOxezX5A7wAAAAE"]
[Thu Nov 27 21:11:45.791741 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSiwgXTG8IrOxOxezX5A7wAAAAE"]
[Thu Nov 27 21:11:45.791780 2025] [:error] [pid 353188] [client 3.96.197.169:50796] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSiwgT4fHjXDucK3GWvWzwAAAAQ"]
[Thu Nov 27 21:11:45.791910 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSiwgXTG8IrOxOxezX5A7wAAAAE"]
[Thu Nov 27 21:11:45.791929 2025] [:error] [pid 353188] [client 3.96.197.169:50796] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSiwgT4fHjXDucK3GWvWzwAAAAQ"]
[Thu Nov 27 21:11:45.792822 2025] [:error] [pid 353186] [client 3.96.197.169:50802] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSiwgSOJA5NFmjDGU5hIXQAAAAI"]
[Thu Nov 27 21:11:45.792972 2025] [:error] [pid 353186] [client 3.96.197.169:50802] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSiwgSOJA5NFmjDGU5hIXQAAAAI"]
[Thu Nov 27 21:11:45.793127 2025] [:error] [pid 353186] [client 3.96.197.169:50802] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSiwgSOJA5NFmjDGU5hIXQAAAAI"]
[Thu Nov 27 21:11:45.793986 2025] [:error] [pid 360200] [client 3.96.197.169:50804] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSiwgQQeQhonID1lme2zJwAAAAk"]
[Thu Nov 27 21:11:45.794121 2025] [:error] [pid 360200] [client 3.96.197.169:50804] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSiwgQQeQhonID1lme2zJwAAAAk"]
[Thu Nov 27 21:11:45.794263 2025] [:error] [pid 360200] [client 3.96.197.169:50804] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSiwgQQeQhonID1lme2zJwAAAAk"]
[Thu Nov 27 21:11:46.467123 2025] [:error] [pid 370269] [client 3.96.197.169:50920] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSiwghiSlIjWBzVa8TIEywAAAAA"]
[Thu Nov 27 21:11:46.467386 2025] [:error] [pid 370269] [client 3.96.197.169:50920] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSiwghiSlIjWBzVa8TIEywAAAAA"]
[Thu Nov 27 21:11:46.467600 2025] [:error] [pid 370269] [client 3.96.197.169:50920] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSiwghiSlIjWBzVa8TIEywAAAAA"]
[Thu Nov 27 21:11:48.064390 2025] [:error] [pid 370272] [client 3.96.197.169:50922] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSiwhAvqXKc5vwFPp-nFjQAAAAg"]
[Thu Nov 27 21:11:48.064649 2025] [:error] [pid 370272] [client 3.96.197.169:50922] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSiwhAvqXKc5vwFPp-nFjQAAAAg"]
[Thu Nov 27 21:11:48.064849 2025] [:error] [pid 370272] [client 3.96.197.169:50922] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSiwhAvqXKc5vwFPp-nFjQAAAAg"]
[Thu Nov 27 21:11:48.066579 2025] [:error] [pid 370271] [client 3.96.197.169:50924] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSiwhGEEsrGncgXV8Wj-7QAAAAU"]
[Thu Nov 27 21:11:48.066787 2025] [:error] [pid 370271] [client 3.96.197.169:50924] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSiwhGEEsrGncgXV8Wj-7QAAAAU"]
[Thu Nov 27 21:11:48.066955 2025] [:error] [pid 370271] [client 3.96.197.169:50924] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSiwhGEEsrGncgXV8Wj-7QAAAAU"]
[Thu Nov 27 21:11:48.506528 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSiwhO_UStX-GTeIAe_vCgAAAAY"]
[Thu Nov 27 21:11:48.506747 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSiwhO_UStX-GTeIAe_vCgAAAAY"]
[Thu Nov 27 21:11:48.506933 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSiwhO_UStX-GTeIAe_vCgAAAAY"]
[Thu Nov 27 21:11:48.507721 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSiwhDVrO3naRdRptuRQnQAAAA4"]
[Thu Nov 27 21:11:48.507960 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSiwhDVrO3naRdRptuRQnQAAAA4"]
[Thu Nov 27 21:11:48.508147 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSiwhDVrO3naRdRptuRQnQAAAA4"]
[Thu Nov 27 21:11:49.595310 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSiwhXTG8IrOxOxezX5A8AAAAAE"]
[Thu Nov 27 21:11:49.595545 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSiwhXTG8IrOxOxezX5A8AAAAAE"]
[Thu Nov 27 21:11:49.595728 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSiwhXTG8IrOxOxezX5A8AAAAAE"]
[Thu Nov 27 21:11:50.158447 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vCwAAAAY"]
[Thu Nov 27 21:11:50.158661 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vCwAAAAY"]
[Thu Nov 27 21:11:50.158849 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vCwAAAAY"]
[Thu Nov 27 21:11:50.609053 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSiwhnTG8IrOxOxezX5A8QAAAAE"]
[Thu Nov 27 21:11:50.609361 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSiwhnTG8IrOxOxezX5A8QAAAAE"]
[Thu Nov 27 21:11:50.609615 2025] [:error] [pid 353185] [client 3.96.197.169:50806] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSiwhnTG8IrOxOxezX5A8QAAAAE"]
[Thu Nov 27 21:11:50.915410 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vDAAAAAY"]
[Thu Nov 27 21:11:50.915632 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vDAAAAAY"]
[Thu Nov 27 21:11:50.915819 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSiwhu_UStX-GTeIAe_vDAAAAAY"]
[Thu Nov 27 21:11:51.373444 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSiwhzVrO3naRdRptuRQngAAAA4"]
[Thu Nov 27 21:11:51.373690 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSiwhzVrO3naRdRptuRQngAAAA4"]
[Thu Nov 27 21:11:51.373892 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSiwhzVrO3naRdRptuRQngAAAA4"]
[Thu Nov 27 21:11:51.731567 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSiwh-_UStX-GTeIAe_vDQAAAAY"]
[Thu Nov 27 21:11:51.731814 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSiwh-_UStX-GTeIAe_vDQAAAAY"]
[Thu Nov 27 21:11:51.732094 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSiwh-_UStX-GTeIAe_vDQAAAAY"]
[Thu Nov 27 21:11:52.085865 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSiwiDVrO3naRdRptuRQnwAAAA4"]
[Thu Nov 27 21:11:52.086100 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSiwiDVrO3naRdRptuRQnwAAAA4"]
[Thu Nov 27 21:11:52.086297 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSiwiDVrO3naRdRptuRQnwAAAA4"]
[Thu Nov 27 21:11:54.170957 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSiwijVrO3naRdRptuRQoQAAAA4"]
[Thu Nov 27 21:11:54.171166 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSiwijVrO3naRdRptuRQoQAAAA4"]
[Thu Nov 27 21:11:54.171379 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSiwijVrO3naRdRptuRQoQAAAA4"]
[Thu Nov 27 21:11:54.600686 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSiwijVrO3naRdRptuRQogAAAA4"]
[Thu Nov 27 21:11:54.600954 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSiwijVrO3naRdRptuRQogAAAA4"]
[Thu Nov 27 21:11:54.602003 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSiwijVrO3naRdRptuRQogAAAA4"]
[Thu Nov 27 21:11:54.787320 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSiwiu_UStX-GTeIAe_vDwAAAAY"]
[Thu Nov 27 21:11:54.787545 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSiwiu_UStX-GTeIAe_vDwAAAAY"]
[Thu Nov 27 21:11:54.787730 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSiwiu_UStX-GTeIAe_vDwAAAAY"]
[Thu Nov 27 21:11:55.168864 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSiwizVrO3naRdRptuRQowAAAA4"]
[Thu Nov 27 21:11:55.169079 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSiwizVrO3naRdRptuRQowAAAA4"]
[Thu Nov 27 21:11:55.169297 2025] [:error] [pid 370274] [client 3.96.197.169:51078] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSiwizVrO3naRdRptuRQowAAAA4"]
[Thu Nov 27 21:11:55.172499 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSiwi-_UStX-GTeIAe_vEAAAAAY"]
[Thu Nov 27 21:11:55.172685 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSiwi-_UStX-GTeIAe_vEAAAAAY"]
[Thu Nov 27 21:11:55.172877 2025] [:error] [pid 354739] [client 3.96.197.169:50574] [client 3.96.197.169] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSiwi-_UStX-GTeIAe_vEAAAAAY"]
[Fri Nov 28 23:11:01.894007 2025] [:error] [pid 393308] [client 104.196.116.79:35340] [client 104.196.116.79] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSod9a-Idoxz20B0R39VHQAAAAI"]
[Fri Nov 28 23:11:01.894215 2025] [:error] [pid 393308] [client 104.196.116.79:35340] [client 104.196.116.79] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSod9a-Idoxz20B0R39VHQAAAAI"]
[Fri Nov 28 23:11:01.894473 2025] [:error] [pid 393308] [client 104.196.116.79:35340] [client 104.196.116.79] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSod9a-Idoxz20B0R39VHQAAAAI"]
[Sat Nov 29 01:50:44.761304 2025] [:error] [pid 395858] [client 213.209.157.81:60854] [client 213.209.157.81] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSpDZFonenFtamV5yHYc_QAAAAI"]
[Sat Nov 29 01:50:44.761567 2025] [:error] [pid 395858] [client 213.209.157.81:60854] [client 213.209.157.81] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSpDZFonenFtamV5yHYc_QAAAAI"]
[Sat Nov 29 01:50:44.761759 2025] [:error] [pid 395858] [client 213.209.157.81:60854] [client 213.209.157.81] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSpDZFonenFtamV5yHYc_QAAAAI"]
[Sat Nov 29 02:41:11.285691 2025] [:error] [pid 396955] [client 195.178.110.155:42236] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPN-KnXhOcMLhGvoBlfwAAAAc"]
[Sat Nov 29 02:41:11.285924 2025] [:error] [pid 396955] [client 195.178.110.155:42236] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPN-KnXhOcMLhGvoBlfwAAAAc"]
[Sat Nov 29 02:41:11.286116 2025] [:error] [pid 396955] [client 195.178.110.155:42236] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPN-KnXhOcMLhGvoBlfwAAAAc"]
[Sat Nov 29 02:41:17.837862 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPPSl2_ayZcB2mSooNegAAAAk"]
[Sat Nov 29 02:41:17.838092 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPPSl2_ayZcB2mSooNegAAAAk"]
[Sat Nov 29 02:41:17.838284 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSpPPSl2_ayZcB2mSooNegAAAAk"]
[Sat Nov 29 02:41:17.859792 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSpPPSl2_ayZcB2mSooNewAAAAk"]
[Sat Nov 29 02:41:17.860031 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSpPPSl2_ayZcB2mSooNewAAAAk"]
[Sat Nov 29 02:41:17.860217 2025] [:error] [pid 395885] [client 195.178.110.155:42246] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSpPPSl2_ayZcB2mSooNewAAAAk"]
[Sat Nov 29 02:41:22.008001 2025] [:error] [pid 395860] [client 195.178.110.155:42224] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPQmGVbW32jAuRdZj-OwAAAAY"]
[Sat Nov 29 02:41:22.008235 2025] [:error] [pid 395860] [client 195.178.110.155:42224] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPQmGVbW32jAuRdZj-OwAAAAY"]
[Sat Nov 29 02:41:22.008433 2025] [:error] [pid 395860] [client 195.178.110.155:42224] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPQmGVbW32jAuRdZj-OwAAAAY"]
[Sat Nov 29 02:41:39.224844 2025] [:error] [pid 395881] [client 195.178.110.155:52406] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPU7VL27gtiM4DUrnKqAAAAAM"]
[Sat Nov 29 02:41:39.225086 2025] [:error] [pid 395881] [client 195.178.110.155:52406] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPU7VL27gtiM4DUrnKqAAAAAM"]
[Sat Nov 29 02:41:39.225269 2025] [:error] [pid 395881] [client 195.178.110.155:52406] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSpPU7VL27gtiM4DUrnKqAAAAAM"]
[Sat Nov 29 02:41:44.416499 2025] [:error] [pid 396956] [client 195.178.110.155:52410] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPWItKufSJfVuSdY3iyQAAAAo"]
[Sat Nov 29 02:41:44.416754 2025] [:error] [pid 396956] [client 195.178.110.155:52410] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPWItKufSJfVuSdY3iyQAAAAo"]
[Sat Nov 29 02:41:44.416948 2025] [:error] [pid 396956] [client 195.178.110.155:52410] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPWItKufSJfVuSdY3iyQAAAAo"]
[Sat Nov 29 02:41:49.624434 2025] [:error] [pid 395859] [client 195.178.110.155:45300] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPXVoA1e4Hc_0ExRYahgAAAAU"]
[Sat Nov 29 02:41:49.625966 2025] [:error] [pid 395859] [client 195.178.110.155:45300] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPXVoA1e4Hc_0ExRYahgAAAAU"]
[Sat Nov 29 02:41:49.626159 2025] [:error] [pid 395859] [client 195.178.110.155:45300] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPXVoA1e4Hc_0ExRYahgAAAAU"]
[Sat Nov 29 02:41:54.736853 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPYpN6k15eICFuqzfsFgAAAAQ"]
[Sat Nov 29 02:41:54.738160 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPYpN6k15eICFuqzfsFgAAAAQ"]
[Sat Nov 29 02:41:54.738396 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSpPYpN6k15eICFuqzfsFgAAAAQ"]
[Sat Nov 29 02:41:54.796310 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSpPYpN6k15eICFuqzfsFwAAAAQ"]
[Sat Nov 29 02:41:54.796541 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSpPYpN6k15eICFuqzfsFwAAAAQ"]
[Sat Nov 29 02:41:54.796727 2025] [:error] [pid 396954] [client 195.178.110.155:45324] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSpPYpN6k15eICFuqzfsFwAAAAQ"]
[Sat Nov 29 02:41:57.772861 2025] [:error] [pid 396955] [client 195.178.110.155:45336] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aSpPZeKnXhOcMLhGvoBlgAAAAAc"]
[Sat Nov 29 02:41:57.773118 2025] [:error] [pid 396955] [client 195.178.110.155:45336] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aSpPZeKnXhOcMLhGvoBlgAAAAAc"]
[Sat Nov 29 02:41:57.773308 2025] [:error] [pid 396955] [client 195.178.110.155:45336] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.live"] [unique_id "aSpPZeKnXhOcMLhGvoBlgAAAAAc"]
[Sat Nov 29 02:42:02.855524 2025] [:error] [pid 395885] [client 195.178.110.155:59264] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPail2_ayZcB2mSooNfAAAAAk"]
[Sat Nov 29 02:42:02.855864 2025] [:error] [pid 395885] [client 195.178.110.155:59264] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPail2_ayZcB2mSooNfAAAAAk"]
[Sat Nov 29 02:42:02.856097 2025] [:error] [pid 395885] [client 195.178.110.155:59264] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPail2_ayZcB2mSooNfAAAAAk"]
[Sat Nov 29 02:42:09.266438 2025] [:error] [pid 395887] [client 195.178.110.155:50228] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPcTRmtvrSM4WZBRuJ9wAAAAs"]
[Sat Nov 29 02:42:09.266700 2025] [:error] [pid 395887] [client 195.178.110.155:50228] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPcTRmtvrSM4WZBRuJ9wAAAAs"]
[Sat Nov 29 02:42:09.266916 2025] [:error] [pid 395887] [client 195.178.110.155:50228] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPcTRmtvrSM4WZBRuJ9wAAAAs"]
[Sat Nov 29 02:42:16.786690 2025] [:error] [pid 396956] [client 195.178.110.155:49836] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secret"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPeItKufSJfVuSdY3iygAAAAo"]
[Sat Nov 29 02:42:16.786925 2025] [:error] [pid 396956] [client 195.178.110.155:49836] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPeItKufSJfVuSdY3iygAAAAo"]
[Sat Nov 29 02:42:16.787115 2025] [:error] [pid 396956] [client 195.178.110.155:49836] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secret"] [unique_id "aSpPeItKufSJfVuSdY3iygAAAAo"]
[Sat Nov 29 02:42:23.579710 2025] [:error] [pid 395859] [client 195.178.110.155:49852] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secrets"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPf1oA1e4Hc_0ExRYahwAAAAU"]
[Sat Nov 29 02:42:23.579949 2025] [:error] [pid 395859] [client 195.178.110.155:49852] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPf1oA1e4Hc_0ExRYahwAAAAU"]
[Sat Nov 29 02:42:23.580142 2025] [:error] [pid 395859] [client 195.178.110.155:49852] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPf1oA1e4Hc_0ExRYahwAAAAU"]
[Sat Nov 29 02:42:31.085133 2025] [:error] [pid 396954] [client 195.178.110.155:53226] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.secrets"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPh5N6k15eICFuqzfsGAAAAAQ"]
[Sat Nov 29 02:42:31.085393 2025] [:error] [pid 396954] [client 195.178.110.155:53226] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPh5N6k15eICFuqzfsGAAAAAQ"]
[Sat Nov 29 02:42:31.085573 2025] [:error] [pid 396954] [client 195.178.110.155:53226] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.secrets"] [unique_id "aSpPh5N6k15eICFuqzfsGAAAAAQ"]
[Sat Nov 29 02:42:40.562381 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.private"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aSpPkCl2_ayZcB2mSooNfQAAAAk"]
[Sat Nov 29 02:42:40.562736 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aSpPkCl2_ayZcB2mSooNfQAAAAk"]
[Sat Nov 29 02:42:40.562998 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.private"] [unique_id "aSpPkCl2_ayZcB2mSooNfQAAAAk"]
[Sat Nov 29 02:42:40.625113 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSpPkCl2_ayZcB2mSooNfgAAAAk"]
[Sat Nov 29 02:42:40.625236 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSpPkCl2_ayZcB2mSooNfgAAAAk"]
[Sat Nov 29 02:42:40.625446 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSpPkCl2_ayZcB2mSooNfgAAAAk"]
[Sat Nov 29 02:42:40.625638 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSpPkCl2_ayZcB2mSooNfgAAAAk"]
[Sat Nov 29 02:42:40.660617 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSpPkCl2_ayZcB2mSooNfwAAAAk"]
[Sat Nov 29 02:42:40.660760 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSpPkCl2_ayZcB2mSooNfwAAAAk"]
[Sat Nov 29 02:42:40.660980 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSpPkCl2_ayZcB2mSooNfwAAAAk"]
[Sat Nov 29 02:42:40.661186 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSpPkCl2_ayZcB2mSooNfwAAAAk"]
[Sat Nov 29 02:42:40.710263 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSpPkCl2_ayZcB2mSooNgAAAAAk"]
[Sat Nov 29 02:42:40.710433 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSpPkCl2_ayZcB2mSooNgAAAAAk"]
[Sat Nov 29 02:42:40.710669 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSpPkCl2_ayZcB2mSooNgAAAAAk"]
[Sat Nov 29 02:42:40.710881 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSpPkCl2_ayZcB2mSooNgAAAAAk"]
[Sat Nov 29 02:42:41.754183 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPkSl2_ayZcB2mSooNgQAAAAk"]
[Sat Nov 29 02:42:41.754467 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPkSl2_ayZcB2mSooNgQAAAAk"]
[Sat Nov 29 02:42:41.754698 2025] [:error] [pid 395885] [client 195.178.110.155:46298] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPkSl2_ayZcB2mSooNgQAAAAk"]
[Sat Nov 29 02:42:46.728289 2025] [:error] [pid 395860] [client 195.178.110.155:45296] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPlmGVbW32jAuRdZj-PAAAAAY"]
[Sat Nov 29 02:42:46.728538 2025] [:error] [pid 395860] [client 195.178.110.155:45296] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPlmGVbW32jAuRdZj-PAAAAAY"]
[Sat Nov 29 02:42:46.728747 2025] [:error] [pid 395860] [client 195.178.110.155:45296] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSpPlmGVbW32jAuRdZj-PAAAAAY"]
[Sat Nov 29 02:42:46.872877 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aSpPljRmtvrSM4WZBRuJ-AAAAAs"]
[Sat Nov 29 02:42:46.873136 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aSpPljRmtvrSM4WZBRuJ-AAAAAs"]
[Sat Nov 29 02:42:46.873323 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env_sample"] [unique_id "aSpPljRmtvrSM4WZBRuJ-AAAAAs"]
[Sat Nov 29 02:42:46.906583 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSpPljRmtvrSM4WZBRuJ-QAAAAs"]
[Sat Nov 29 02:42:46.906839 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSpPljRmtvrSM4WZBRuJ-QAAAAs"]
[Sat Nov 29 02:42:46.907032 2025] [:error] [pid 395887] [client 195.178.110.155:45310] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSpPljRmtvrSM4WZBRuJ-QAAAAs"]
[Sat Nov 29 02:42:46.985497 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aSpPlrVL27gtiM4DUrnKqQAAAAM"]
[Sat Nov 29 02:42:46.985744 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aSpPlrVL27gtiM4DUrnKqQAAAAM"]
[Sat Nov 29 02:42:46.985919 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.stage"] [unique_id "aSpPlrVL27gtiM4DUrnKqQAAAAM"]
[Sat Nov 29 02:42:47.041374 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSpPl7VL27gtiM4DUrnKqgAAAAM"]
[Sat Nov 29 02:42:47.041611 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSpPl7VL27gtiM4DUrnKqgAAAAM"]
[Sat Nov 29 02:42:47.041811 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSpPl7VL27gtiM4DUrnKqgAAAAM"]
[Sat Nov 29 02:42:47.103679 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSpPl7VL27gtiM4DUrnKqwAAAAM"]
[Sat Nov 29 02:42:47.103801 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSpPl7VL27gtiM4DUrnKqwAAAAM"]
[Sat Nov 29 02:42:47.104009 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSpPl7VL27gtiM4DUrnKqwAAAAM"]
[Sat Nov 29 02:42:47.104189 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSpPl7VL27gtiM4DUrnKqwAAAAM"]
[Sat Nov 29 02:42:47.141330 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSpPl7VL27gtiM4DUrnKrAAAAAM"]
[Sat Nov 29 02:42:47.141574 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSpPl7VL27gtiM4DUrnKrAAAAAM"]
[Sat Nov 29 02:42:47.141761 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSpPl7VL27gtiM4DUrnKrAAAAAM"]
[Sat Nov 29 02:42:47.163450 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrQAAAAM"]
[Sat Nov 29 02:42:47.163677 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrQAAAAM"]
[Sat Nov 29 02:42:47.163866 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/portal/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrQAAAAM"]
[Sat Nov 29 02:42:47.185890 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrgAAAAM"]
[Sat Nov 29 02:42:47.186126 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrgAAAAM"]
[Sat Nov 29 02:42:47.186328 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/env/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrgAAAAM"]
[Sat Nov 29 02:42:47.423993 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrwAAAAM"]
[Sat Nov 29 02:42:47.424230 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrwAAAAM"]
[Sat Nov 29 02:42:47.424449 2025] [:error] [pid 395881] [client 195.178.110.155:45326] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSpPl7VL27gtiM4DUrnKrwAAAAM"]
[Sat Nov 29 02:42:47.876759 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSpPl4tKufSJfVuSdY3iywAAAAo"]
[Sat Nov 29 02:42:47.877031 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSpPl4tKufSJfVuSdY3iywAAAAo"]
[Sat Nov 29 02:42:47.877208 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSpPl4tKufSJfVuSdY3iywAAAAo"]
[Sat Nov 29 02:42:48.002680 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSpPmItKufSJfVuSdY3izAAAAAo"]
[Sat Nov 29 02:42:48.002909 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSpPmItKufSJfVuSdY3izAAAAAo"]
[Sat Nov 29 02:42:48.003112 2025] [:error] [pid 396956] [client 195.178.110.155:45328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dev/.env"] [unique_id "aSpPmItKufSJfVuSdY3izAAAAAo"]
[Sat Nov 29 02:42:54.189548 2025] [:error] [pid 395859] [client 195.178.110.155:45366] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPnloA1e4Hc_0ExRYaiAAAAAU"]
[Sat Nov 29 02:42:54.189782 2025] [:error] [pid 395859] [client 195.178.110.155:45366] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPnloA1e4Hc_0ExRYaiAAAAAU"]
[Sat Nov 29 02:42:54.189995 2025] [:error] [pid 395859] [client 195.178.110.155:45366] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPnloA1e4Hc_0ExRYaiAAAAAU"]
[Sat Nov 29 02:43:01.706710 2025] [:error] [pid 396954] [client 195.178.110.155:56088] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPpZN6k15eICFuqzfsGQAAAAQ"]
[Sat Nov 29 02:43:01.706951 2025] [:error] [pid 396954] [client 195.178.110.155:56088] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPpZN6k15eICFuqzfsGQAAAAQ"]
[Sat Nov 29 02:43:01.707138 2025] [:error] [pid 396954] [client 195.178.110.155:56088] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/prod/.env"] [unique_id "aSpPpZN6k15eICFuqzfsGQAAAAQ"]
[Sat Nov 29 02:43:07.976865 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aSpPqyl2_ayZcB2mSooNggAAAAk"]
[Sat Nov 29 02:43:07.977972 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aSpPqyl2_ayZcB2mSooNggAAAAk"]
[Sat Nov 29 02:43:07.978244 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/live/.env"] [unique_id "aSpPqyl2_ayZcB2mSooNggAAAAk"]
[Sat Nov 29 02:43:11.073306 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aSpPryl2_ayZcB2mSooNgwAAAAk"]
[Sat Nov 29 02:43:11.073537 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aSpPryl2_ayZcB2mSooNgwAAAAk"]
[Sat Nov 29 02:43:11.073727 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/payment/.env"] [unique_id "aSpPryl2_ayZcB2mSooNgwAAAAk"]
[Sat Nov 29 02:43:11.096102 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /checkout/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhAAAAAk"]
[Sat Nov 29 02:43:11.096339 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhAAAAAk"]
[Sat Nov 29 02:43:11.096552 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/checkout/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhAAAAAk"]
[Sat Nov 29 02:43:11.118117 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhQAAAAk"]
[Sat Nov 29 02:43:11.118383 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhQAAAAk"]
[Sat Nov 29 02:43:11.118587 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/stripe/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhQAAAAk"]
[Sat Nov 29 02:43:11.140345 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhgAAAAk"]
[Sat Nov 29 02:43:11.140580 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhgAAAAk"]
[Sat Nov 29 02:43:11.140762 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/billing/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhgAAAAk"]
[Sat Nov 29 02:43:11.224135 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhwAAAAk"]
[Sat Nov 29 02:43:11.224365 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhwAAAAk"]
[Sat Nov 29 02:43:11.224560 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env"] [unique_id "aSpPryl2_ayZcB2mSooNhwAAAAk"]
[Sat Nov 29 02:43:11.300523 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSpPryl2_ayZcB2mSooNiAAAAAk"]
[Sat Nov 29 02:43:11.300854 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSpPryl2_ayZcB2mSooNiAAAAAk"]
[Sat Nov 29 02:43:11.301127 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.local"] [unique_id "aSpPryl2_ayZcB2mSooNiAAAAAk"]
[Sat Nov 29 02:43:11.322941 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSpPryl2_ayZcB2mSooNiQAAAAk"]
[Sat Nov 29 02:43:11.323261 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSpPryl2_ayZcB2mSooNiQAAAAk"]
[Sat Nov 29 02:43:11.323497 2025] [:error] [pid 395885] [client 195.178.110.155:49328] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/new/.env.production"] [unique_id "aSpPryl2_ayZcB2mSooNiQAAAAk"]
[Sat Nov 29 02:43:13.465691 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /conf/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PQAAAAY"]
[Sat Nov 29 02:43:13.465927 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PQAAAAY"]
[Sat Nov 29 02:43:13.466163 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/conf/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PQAAAAY"]
[Sat Nov 29 02:43:13.487586 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PgAAAAY"]
[Sat Nov 29 02:43:13.487828 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PgAAAAY"]
[Sat Nov 29 02:43:13.488038 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/www/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PgAAAAY"]
[Sat Nov 29 02:43:13.513106 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PwAAAAY"]
[Sat Nov 29 02:43:13.513355 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PwAAAAY"]
[Sat Nov 29 02:43:13.513547 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-PwAAAAY"]
[Sat Nov 29 02:43:13.537270 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-QAAAAAY"]
[Sat Nov 29 02:43:13.537516 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-QAAAAAY"]
[Sat Nov 29 02:43:13.537734 2025] [:error] [pid 395860] [client 195.178.110.155:49338] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/app/.env"] [unique_id "aSpPsWGVbW32jAuRdZj-QAAAAAY"]
[Sat Nov 29 02:43:13.605391 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.vscode/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-gAAAAs"]
[Sat Nov 29 02:43:13.605706 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-gAAAAs"]
[Sat Nov 29 02:43:13.605893 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.vscode/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-gAAAAs"]
[Sat Nov 29 02:43:13.627866 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /js/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-wAAAAs"]
[Sat Nov 29 02:43:13.628212 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-wAAAAs"]
[Sat Nov 29 02:43:13.628457 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ-wAAAAs"]
[Sat Nov 29 02:43:13.651763 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nginx/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_AAAAAs"]
[Sat Nov 29 02:43:13.652014 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_AAAAAs"]
[Sat Nov 29 02:43:13.652217 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/nginx/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_AAAAAs"]
[Sat Nov 29 02:43:13.674220 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_QAAAAs"]
[Sat Nov 29 02:43:13.674607 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_QAAAAs"]
[Sat Nov 29 02:43:13.674899 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_QAAAAs"]
[Sat Nov 29 02:43:13.696382 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_gAAAAs"]
[Sat Nov 29 02:43:13.696750 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_gAAAAs"]
[Sat Nov 29 02:43:13.696977 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_gAAAAs"]
[Sat Nov 29 02:43:13.719193 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /main/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_wAAAAs"]
[Sat Nov 29 02:43:13.719427 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_wAAAAs"]
[Sat Nov 29 02:43:13.719642 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/main.js/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuJ_wAAAAs"]
[Sat Nov 29 02:43:13.746077 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuKAAAAAAs"]
[Sat Nov 29 02:43:13.746481 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuKAAAAAAs"]
[Sat Nov 29 02:43:13.746757 2025] [:error] [pid 395887] [client 195.178.110.155:49354] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSpPsTRmtvrSM4WZBRuKAAAAAAs"]
[Sat Nov 29 02:43:13.849213 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aSpPsVonenFtamV5yHYdAQAAAAI"]
[Sat Nov 29 02:43:13.849453 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aSpPsVonenFtamV5yHYdAQAAAAI"]
[Sat Nov 29 02:43:13.849657 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/website/.env"] [unique_id "aSpPsVonenFtamV5yHYdAQAAAAI"]
[Sat Nov 29 02:43:13.871830 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aSpPsVonenFtamV5yHYdAgAAAAI"]
[Sat Nov 29 02:43:13.872176 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aSpPsVonenFtamV5yHYdAgAAAAI"]
[Sat Nov 29 02:43:13.872429 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/development/.env"] [unique_id "aSpPsVonenFtamV5yHYdAgAAAAI"]
[Sat Nov 29 02:43:13.894441 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSpPsVonenFtamV5yHYdAwAAAAI"]
[Sat Nov 29 02:43:13.894795 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSpPsVonenFtamV5yHYdAwAAAAI"]
[Sat Nov 29 02:43:13.895060 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSpPsVonenFtamV5yHYdAwAAAAI"]
[Sat Nov 29 02:43:13.916845 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aSpPsVonenFtamV5yHYdBAAAAAI"]
[Sat Nov 29 02:43:13.917188 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aSpPsVonenFtamV5yHYdBAAAAAI"]
[Sat Nov 29 02:43:13.917461 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/crm/.env"] [unique_id "aSpPsVonenFtamV5yHYdBAAAAAI"]
[Sat Nov 29 02:43:13.939130 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aSpPsVonenFtamV5yHYdBQAAAAI"]
[Sat Nov 29 02:43:13.939394 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aSpPsVonenFtamV5yHYdBQAAAAI"]
[Sat Nov 29 02:43:13.939600 2025] [:error] [pid 395858] [client 195.178.110.155:49370] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/local/.env"] [unique_id "aSpPsVonenFtamV5yHYdBQAAAAI"]
[Sat Nov 29 02:43:16.557452 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsAAAAAM"]
[Sat Nov 29 02:43:16.557724 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsAAAAAM"]
[Sat Nov 29 02:43:16.557935 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsAAAAAM"]
[Sat Nov 29 02:43:16.582332 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsQAAAAM"]
[Sat Nov 29 02:43:16.582612 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsQAAAAM"]
[Sat Nov 29 02:43:16.582823 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsQAAAAM"]
[Sat Nov 29 02:43:16.605013 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsgAAAAM"]
[Sat Nov 29 02:43:16.605264 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsgAAAAM"]
[Sat Nov 29 02:43:16.605472 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKsgAAAAM"]
[Sat Nov 29 02:43:16.627008 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKswAAAAM"]
[Sat Nov 29 02:43:16.627256 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKswAAAAM"]
[Sat Nov 29 02:43:16.627463 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKswAAAAM"]
[Sat Nov 29 02:43:16.648835 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtAAAAAM"]
[Sat Nov 29 02:43:16.649095 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtAAAAAM"]
[Sat Nov 29 02:43:16.649305 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtAAAAAM"]
[Sat Nov 29 02:43:16.673511 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtQAAAAM"]
[Sat Nov 29 02:43:16.673786 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtQAAAAM"]
[Sat Nov 29 02:43:16.674013 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtQAAAAM"]
[Sat Nov 29 02:43:16.697206 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtgAAAAM"]
[Sat Nov 29 02:43:16.697457 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtgAAAAM"]
[Sat Nov 29 02:43:16.697670 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtgAAAAM"]
[Sat Nov 29 02:43:16.719369 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtwAAAAM"]
[Sat Nov 29 02:43:16.719618 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtwAAAAM"]
[Sat Nov 29 02:43:16.719820 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/config/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKtwAAAAM"]
[Sat Nov 29 02:43:16.741329 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKuAAAAAM"]
[Sat Nov 29 02:43:16.741593 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKuAAAAAM"]
[Sat Nov 29 02:43:16.741813 2025] [:error] [pid 395881] [client 195.178.110.155:50418] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/shared/.env"] [unique_id "aSpPtLVL27gtiM4DUrnKuAAAAAM"]
[Sat Nov 29 02:44:01.289365 2025] [:error] [pid 395860] [client 195.178.110.155:55548] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aSpP4WGVbW32jAuRdZj-QQAAAAY"]
[Sat Nov 29 02:44:01.289603 2025] [:error] [pid 395860] [client 195.178.110.155:55548] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aSpP4WGVbW32jAuRdZj-QQAAAAY"]
[Sat Nov 29 02:44:01.289817 2025] [:error] [pid 395860] [client 195.178.110.155:55548] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.production"] [unique_id "aSpP4WGVbW32jAuRdZj-QQAAAAY"]
[Sat Nov 29 02:44:01.369406 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aSpP4TRmtvrSM4WZBRuKAgAAAAs"]
[Sat Nov 29 02:44:01.369642 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aSpP4TRmtvrSM4WZBRuKAgAAAAs"]
[Sat Nov 29 02:44:01.369847 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.local"] [unique_id "aSpP4TRmtvrSM4WZBRuKAgAAAAs"]
[Sat Nov 29 02:44:01.395020 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aSpP4TRmtvrSM4WZBRuKAwAAAAs"]
[Sat Nov 29 02:44:01.395256 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aSpP4TRmtvrSM4WZBRuKAwAAAAs"]
[Sat Nov 29 02:44:01.395457 2025] [:error] [pid 395887] [client 195.178.110.155:55558] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.production"] [unique_id "aSpP4TRmtvrSM4WZBRuKAwAAAAs"]
[Sat Nov 29 02:44:01.464765 2025] [:error] [pid 395858] [client 195.178.110.155:55568] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aSpP4VonenFtamV5yHYdBgAAAAI"]
[Sat Nov 29 02:44:01.465045 2025] [:error] [pid 395858] [client 195.178.110.155:55568] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aSpP4VonenFtamV5yHYdBgAAAAI"]
[Sat Nov 29 02:44:01.465275 2025] [:error] [pid 395858] [client 195.178.110.155:55568] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env.local"] [unique_id "aSpP4VonenFtamV5yHYdBgAAAAI"]
[Sat Nov 29 02:44:01.594755 2025] [:error] [pid 395881] [client 195.178.110.155:55570] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aSpP4bVL27gtiM4DUrnKuwAAAAM"]
[Sat Nov 29 02:44:01.595016 2025] [:error] [pid 395881] [client 195.178.110.155:55570] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aSpP4bVL27gtiM4DUrnKuwAAAAM"]
[Sat Nov 29 02:44:01.595202 2025] [:error] [pid 395881] [client 195.178.110.155:55570] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env.production"] [unique_id "aSpP4bVL27gtiM4DUrnKuwAAAAM"]
[Sat Nov 29 02:44:01.677753 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaigAAAAU"]
[Sat Nov 29 02:44:01.678003 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaigAAAAU"]
[Sat Nov 29 02:44:01.678213 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaigAAAAU"]
[Sat Nov 29 02:44:01.699572 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/env/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaiwAAAAU"]
[Sat Nov 29 02:44:01.699918 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaiwAAAAU"]
[Sat Nov 29 02:44:01.700124 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/env/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYaiwAAAAU"]
[Sat Nov 29 02:44:01.721491 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYajAAAAAU"]
[Sat Nov 29 02:44:01.721754 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYajAAAAAU"]
[Sat Nov 29 02:44:01.721961 2025] [:error] [pid 395859] [client 195.178.110.155:55582] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSpP4VoA1e4Hc_0ExRYajAAAAAU"]
[Sat Nov 29 02:44:01.802225 2025] [:error] [pid 396956] [client 195.178.110.155:55586] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aSpP4YtKufSJfVuSdY3izgAAAAo"]
[Sat Nov 29 02:44:01.802494 2025] [:error] [pid 396956] [client 195.178.110.155:55586] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aSpP4YtKufSJfVuSdY3izgAAAAo"]
[Sat Nov 29 02:44:01.802697 2025] [:error] [pid 396956] [client 195.178.110.155:55586] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/services/.env"] [unique_id "aSpP4YtKufSJfVuSdY3izgAAAAo"]
[Sat Nov 29 02:44:01.979732 2025] [:error] [pid 395857] [client 195.178.110.155:55590] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservices/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aSpP4TSCF_TM1-8eXUjH5QAAAAw"]
[Sat Nov 29 02:44:01.979977 2025] [:error] [pid 395857] [client 195.178.110.155:55590] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aSpP4TSCF_TM1-8eXUjH5QAAAAw"]
[Sat Nov 29 02:44:01.980165 2025] [:error] [pid 395857] [client 195.178.110.155:55590] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/microservices/.env"] [unique_id "aSpP4TSCF_TM1-8eXUjH5QAAAAw"]
[Sat Nov 29 02:44:02.057621 2025] [:error] [pid 397988] [client 195.178.110.155:55592] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lambda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aSpP4hKqLD0gRyhv8mzDmAAAAAA"]
[Sat Nov 29 02:44:02.057861 2025] [:error] [pid 397988] [client 195.178.110.155:55592] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aSpP4hKqLD0gRyhv8mzDmAAAAAA"]
[Sat Nov 29 02:44:02.058050 2025] [:error] [pid 397988] [client 195.178.110.155:55592] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lambda/.env"] [unique_id "aSpP4hKqLD0gRyhv8mzDmAAAAAA"]
[Sat Nov 29 02:44:02.174244 2025] [:error] [pid 397989] [client 195.178.110.155:55608] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aSpP4imN-eoTuPxnkTNVLQAAAAE"]
[Sat Nov 29 02:44:02.174554 2025] [:error] [pid 397989] [client 195.178.110.155:55608] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aSpP4imN-eoTuPxnkTNVLQAAAAE"]
[Sat Nov 29 02:44:02.174758 2025] [:error] [pid 397989] [client 195.178.110.155:55608] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/functions/.env"] [unique_id "aSpP4imN-eoTuPxnkTNVLQAAAAE"]
[Sat Nov 29 02:44:24.315584 2025] [:error] [pid 398018] [client 195.178.110.155:49980] [client 195.178.110.155] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSpP-O3_2PExldOtev6ZFAAAAAY"]
[Sat Nov 29 02:44:24.315896 2025] [:error] [pid 398018] [client 195.178.110.155:49980] [client 195.178.110.155] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSpP-O3_2PExldOtev6ZFAAAAAY"]
[Sat Nov 29 02:44:24.316108 2025] [:error] [pid 398018] [client 195.178.110.155:49980] [client 195.178.110.155] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSpP-O3_2PExldOtev6ZFAAAAAY"]
[Sat Nov 29 08:14:28.910648 2025] [:error] [pid 398575] [client 2.57.122.173:47152] [client 2.57.122.173] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSqdVPf8q--fJYmSMAuGFwAAAAk"]
[Sat Nov 29 08:14:28.910908 2025] [:error] [pid 398575] [client 2.57.122.173:47152] [client 2.57.122.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSqdVPf8q--fJYmSMAuGFwAAAAk"]
[Sat Nov 29 08:14:28.911078 2025] [:error] [pid 398575] [client 2.57.122.173:47152] [client 2.57.122.173] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSqdVPf8q--fJYmSMAuGFwAAAAk"]
[Sat Nov 29 16:58:07.410926 2025] [:error] [pid 406840] [client 34.82.32.163:50054] [client 34.82.32.163] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSsYDx5v0tkB6ceEreJZywAAAA0"]
[Sat Nov 29 16:58:07.411973 2025] [:error] [pid 406840] [client 34.82.32.163:50054] [client 34.82.32.163] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSsYDx5v0tkB6ceEreJZywAAAA0"]
[Sat Nov 29 16:58:07.412180 2025] [:error] [pid 406840] [client 34.82.32.163:50054] [client 34.82.32.163] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSsYDx5v0tkB6ceEreJZywAAAA0"]
[Sat Nov 29 20:56:50.662089 2025] [:error] [pid 406833] [client 204.76.203.25:41346] [client 204.76.203.25] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStQAmSaoKqaTAweeOm1JgAAAAE"]
[Sat Nov 29 20:56:50.662386 2025] [:error] [pid 406833] [client 204.76.203.25:41346] [client 204.76.203.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStQAmSaoKqaTAweeOm1JgAAAAE"]
[Sat Nov 29 20:56:50.662544 2025] [:error] [pid 406833] [client 204.76.203.25:41346] [client 204.76.203.25] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStQAmSaoKqaTAweeOm1JgAAAAE"]
[Sat Nov 29 22:25:20.316531 2025] [:error] [pid 415635] [client 3.1.26.185:50548] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStkwJD_EQ2bp6v9sqIzbQAAACs"]
[Sat Nov 29 22:25:20.316770 2025] [:error] [pid 415635] [client 3.1.26.185:50548] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStkwJD_EQ2bp6v9sqIzbQAAACs"]
[Sat Nov 29 22:25:20.316953 2025] [:error] [pid 415635] [client 3.1.26.185:50548] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStkwJD_EQ2bp6v9sqIzbQAAACs"]
[Sat Nov 29 22:25:21.057064 2025] [:error] [pid 415602] [client 3.1.26.185:50550] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStkwTljkL3-zKEEhIR4HwAAAAM"]
[Sat Nov 29 22:25:21.057330 2025] [:error] [pid 415602] [client 3.1.26.185:50550] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStkwTljkL3-zKEEhIR4HwAAAAM"]
[Sat Nov 29 22:25:21.057526 2025] [:error] [pid 415602] [client 3.1.26.185:50550] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aStkwTljkL3-zKEEhIR4HwAAAAM"]
[Sat Nov 29 22:25:21.797480 2025] [:error] [pid 415527] [client 3.1.26.185:50562] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aStkwRh4R8vT6XSyrx1VUQAAAAk"]
[Sat Nov 29 22:25:21.797705 2025] [:error] [pid 415527] [client 3.1.26.185:50562] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aStkwRh4R8vT6XSyrx1VUQAAAAk"]
[Sat Nov 29 22:25:21.797905 2025] [:error] [pid 415527] [client 3.1.26.185:50562] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aStkwRh4R8vT6XSyrx1VUQAAAAk"]
[Sat Nov 29 22:25:22.534487 2025] [:error] [pid 415606] [client 3.1.26.185:50578] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aStkwjPH2TaDHxtKB4UGsAAAAA4"]
[Sat Nov 29 22:25:22.534720 2025] [:error] [pid 415606] [client 3.1.26.185:50578] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aStkwjPH2TaDHxtKB4UGsAAAAA4"]
[Sat Nov 29 22:25:22.534900 2025] [:error] [pid 415606] [client 3.1.26.185:50578] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aStkwjPH2TaDHxtKB4UGsAAAAA4"]
[Sat Nov 29 22:25:23.257682 2025] [:error] [pid 415609] [client 3.1.26.185:50590] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aStkw_ZD94YQvfLnKIUz4QAAABE"]
[Sat Nov 29 22:25:23.257898 2025] [:error] [pid 415609] [client 3.1.26.185:50590] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aStkw_ZD94YQvfLnKIUz4QAAABE"]
[Sat Nov 29 22:25:23.258102 2025] [:error] [pid 415609] [client 3.1.26.185:50590] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aStkw_ZD94YQvfLnKIUz4QAAABE"]
[Sat Nov 29 22:25:23.971292 2025] [:error] [pid 415627] [client 3.1.26.185:50604] [client 3.1.26.185] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aStkw5djneMF8PJYIKqPSwAAACM"]
[Sat Nov 29 22:25:23.971479 2025] [:error] [pid 415627] [client 3.1.26.185:50604] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aStkw5djneMF8PJYIKqPSwAAACM"]
[Sat Nov 29 22:25:23.971693 2025] [:error] [pid 415627] [client 3.1.26.185:50604] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aStkw5djneMF8PJYIKqPSwAAACM"]
[Sat Nov 29 22:25:23.971896 2025] [:error] [pid 415627] [client 3.1.26.185:50604] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aStkw5djneMF8PJYIKqPSwAAACM"]
[Sat Nov 29 22:25:24.711508 2025] [:error] [pid 415624] [client 3.1.26.185:50620] [client 3.1.26.185] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aStkxJVxs3jrFZ5DBrmi9QAAACA"]
[Sat Nov 29 22:25:24.711735 2025] [:error] [pid 415624] [client 3.1.26.185:50620] [client 3.1.26.185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aStkxJVxs3jrFZ5DBrmi9QAAACA"]
[Sat Nov 29 22:25:24.711909 2025] [:error] [pid 415624] [client 3.1.26.185:50620] [client 3.1.26.185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aStkxJVxs3jrFZ5DBrmi9QAAACA"]
[Sat Nov 29 23:21:15.773969 2025] [:error] [pid 415626] [client 93.123.109.7:57946] [client 93.123.109.7] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStx2ygZ0_SbRmIZNqZiXAAAACI"]
[Sat Nov 29 23:21:15.774248 2025] [:error] [pid 415626] [client 93.123.109.7:57946] [client 93.123.109.7] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStx2ygZ0_SbRmIZNqZiXAAAACI"]
[Sat Nov 29 23:21:15.774457 2025] [:error] [pid 415626] [client 93.123.109.7:57946] [client 93.123.109.7] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aStx2ygZ0_SbRmIZNqZiXAAAACI"]
[Sun Nov 30 15:24:43.443262 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aSxTqy6tRBnriPIR7Vg5PAAAAAw"]
[Sun Nov 30 15:24:43.443610 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aSxTqy6tRBnriPIR7Vg5PAAAAAw"]
[Sun Nov 30 15:24:43.443887 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sites/default/settings.php"] [unique_id "aSxTqy6tRBnriPIR7Vg5PAAAAAw"]
[Sun Nov 30 15:24:43.668261 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSxTqy6tRBnriPIR7Vg5PQAAAAw"]
[Sun Nov 30 15:24:43.668437 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSxTqy6tRBnriPIR7Vg5PQAAAAw"]
[Sun Nov 30 15:24:43.668662 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSxTqy6tRBnriPIR7Vg5PQAAAAw"]
[Sun Nov 30 15:24:43.668852 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.old"] [unique_id "aSxTqy6tRBnriPIR7Vg5PQAAAAw"]
[Sun Nov 30 15:24:43.893188 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSxTqy6tRBnriPIR7Vg5PgAAAAw"]
[Sun Nov 30 15:24:43.893446 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSxTqy6tRBnriPIR7Vg5PgAAAAw"]
[Sun Nov 30 15:24:43.893661 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.save"] [unique_id "aSxTqy6tRBnriPIR7Vg5PgAAAAw"]
[Sun Nov 30 15:24:44.118303 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aSxTrC6tRBnriPIR7Vg5PwAAAAw"]
[Sun Nov 30 15:24:44.118633 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aSxTrC6tRBnriPIR7Vg5PwAAAAw"]
[Sun Nov 30 15:24:44.118929 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dist"] [unique_id "aSxTrC6tRBnriPIR7Vg5PwAAAAw"]
[Sun Nov 30 15:24:44.568828 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aSxTrC6tRBnriPIR7Vg5QQAAAAw"]
[Sun Nov 30 15:24:44.569159 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aSxTrC6tRBnriPIR7Vg5QQAAAAw"]
[Sun Nov 30 15:24:44.569376 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.swp"] [unique_id "aSxTrC6tRBnriPIR7Vg5QQAAAAw"]
[Sun Nov 30 15:24:44.794520 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSxTrC6tRBnriPIR7Vg5QgAAAAw"]
[Sun Nov 30 15:24:44.794802 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSxTrC6tRBnriPIR7Vg5QgAAAAw"]
[Sun Nov 30 15:24:44.795050 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env"] [unique_id "aSxTrC6tRBnriPIR7Vg5QgAAAAw"]
[Sun Nov 30 15:24:45.244673 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aSxTrS6tRBnriPIR7Vg5RAAAAAw"]
[Sun Nov 30 15:24:45.244845 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aSxTrS6tRBnriPIR7Vg5RAAAAAw"]
[Sun Nov 30 15:24:45.245053 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aSxTrS6tRBnriPIR7Vg5RAAAAAw"]
[Sun Nov 30 15:24:45.245269 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.bak"] [unique_id "aSxTrS6tRBnriPIR7Vg5RAAAAAw"]
[Sun Nov 30 15:24:45.920982 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aSxTrS6tRBnriPIR7Vg5RwAAAAw"]
[Sun Nov 30 15:24:45.921223 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aSxTrS6tRBnriPIR7Vg5RwAAAAw"]
[Sun Nov 30 15:24:45.921427 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/kubernetes/.env"] [unique_id "aSxTrS6tRBnriPIR7Vg5RwAAAAw"]
[Sun Nov 30 15:24:46.146994 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "aSxTri6tRBnriPIR7Vg5SAAAAAw"]
[Sun Nov 30 15:24:46.147242 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "aSxTri6tRBnriPIR7Vg5SAAAAAw"]
[Sun Nov 30 15:24:46.147475 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging.local"] [unique_id "aSxTri6tRBnriPIR7Vg5SAAAAAw"]
[Sun Nov 30 15:24:46.381127 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSxTri6tRBnriPIR7Vg5SQAAAAw"]
[Sun Nov 30 15:24:46.381354 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSxTri6tRBnriPIR7Vg5SQAAAAw"]
[Sun Nov 30 15:24:46.381580 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lab/.env"] [unique_id "aSxTri6tRBnriPIR7Vg5SQAAAAw"]
[Sun Nov 30 15:24:47.961745 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSxTry6tRBnriPIR7Vg5UAAAAAw"]
[Sun Nov 30 15:24:47.961920 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSxTry6tRBnriPIR7Vg5UAAAAAw"]
[Sun Nov 30 15:24:47.962128 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSxTry6tRBnriPIR7Vg5UAAAAAw"]
[Sun Nov 30 15:24:47.962374 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.old"] [unique_id "aSxTry6tRBnriPIR7Vg5UAAAAAw"]
[Sun Nov 30 15:24:48.637534 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSxTsC6tRBnriPIR7Vg5UwAAAAw"]
[Sun Nov 30 15:24:48.637711 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSxTsC6tRBnriPIR7Vg5UwAAAAw"]
[Sun Nov 30 15:24:48.637914 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSxTsC6tRBnriPIR7Vg5UwAAAAw"]
[Sun Nov 30 15:24:48.638124 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSxTsC6tRBnriPIR7Vg5UwAAAAw"]
[Sun Nov 30 15:24:48.863333 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSxTsC6tRBnriPIR7Vg5VAAAAAw"]
[Sun Nov 30 15:24:48.863690 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSxTsC6tRBnriPIR7Vg5VAAAAAw"]
[Sun Nov 30 15:24:48.863937 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/exapi/.env"] [unique_id "aSxTsC6tRBnriPIR7Vg5VAAAAAw"]
[Sun Nov 30 15:24:49.088134 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aSxTsS6tRBnriPIR7Vg5VQAAAAw"]
[Sun Nov 30 15:24:49.088476 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aSxTsS6tRBnriPIR7Vg5VQAAAAw"]
[Sun Nov 30 15:24:49.088686 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.bak"] [unique_id "aSxTsS6tRBnriPIR7Vg5VQAAAAw"]
[Sun Nov 30 15:24:50.668703 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSxTsi6tRBnriPIR7Vg5XAAAAAw"]
[Sun Nov 30 15:24:50.668923 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSxTsi6tRBnriPIR7Vg5XAAAAAw"]
[Sun Nov 30 15:24:50.669161 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env"] [unique_id "aSxTsi6tRBnriPIR7Vg5XAAAAAw"]
[Sun Nov 30 15:24:51.344478 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSxTsy6tRBnriPIR7Vg5XwAAAAw"]
[Sun Nov 30 15:24:51.344646 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSxTsy6tRBnriPIR7Vg5XwAAAAw"]
[Sun Nov 30 15:24:51.344872 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSxTsy6tRBnriPIR7Vg5XwAAAAw"]
[Sun Nov 30 15:24:51.345093 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSxTsy6tRBnriPIR7Vg5XwAAAAw"]
[Sun Nov 30 15:24:52.029278 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSxTtC6tRBnriPIR7Vg5YgAAAAw"]
[Sun Nov 30 15:24:52.029450 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSxTtC6tRBnriPIR7Vg5YgAAAAw"]
[Sun Nov 30 15:24:52.029654 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSxTtC6tRBnriPIR7Vg5YgAAAAw"]
[Sun Nov 30 15:24:52.029858 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.old"] [unique_id "aSxTtC6tRBnriPIR7Vg5YgAAAAw"]
[Sun Nov 30 15:24:52.254913 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aSxTtC6tRBnriPIR7Vg5YwAAAAw"]
[Sun Nov 30 15:24:52.255081 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aSxTtC6tRBnriPIR7Vg5YwAAAAw"]
[Sun Nov 30 15:24:52.255300 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aSxTtC6tRBnriPIR7Vg5YwAAAAw"]
[Sun Nov 30 15:24:52.255516 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.bak"] [unique_id "aSxTtC6tRBnriPIR7Vg5YwAAAAw"]
[Sun Nov 30 15:24:52.482917 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aSxTtC6tRBnriPIR7Vg5ZAAAAAw"]
[Sun Nov 30 15:24:52.483268 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aSxTtC6tRBnriPIR7Vg5ZAAAAAw"]
[Sun Nov 30 15:24:52.483476 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/apache2/error.log"] [unique_id "aSxTtC6tRBnriPIR7Vg5ZAAAAAw"]
[Sun Nov 30 15:24:53.184794 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5ZwAAAAw"]
[Sun Nov 30 15:24:53.185043 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5ZwAAAAw"]
[Sun Nov 30 15:24:53.185275 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5ZwAAAAw"]
[Sun Nov 30 15:24:53.413119 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5aAAAAAw"]
[Sun Nov 30 15:24:53.413339 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5aAAAAAw"]
[Sun Nov 30 15:24:53.413539 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5aAAAAAw"]
[Sun Nov 30 15:24:53.877288 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5agAAAAw"]
[Sun Nov 30 15:24:53.877516 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5agAAAAw"]
[Sun Nov 30 15:24:53.877739 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSxTtS6tRBnriPIR7Vg5agAAAAw"]
[Sun Nov 30 15:24:54.327651 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSxTti6tRBnriPIR7Vg5bAAAAAw"]
[Sun Nov 30 15:24:54.327882 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSxTti6tRBnriPIR7Vg5bAAAAAw"]
[Sun Nov 30 15:24:54.328142 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env"] [unique_id "aSxTti6tRBnriPIR7Vg5bAAAAAw"]
[Sun Nov 30 15:24:54.778875 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSxTti6tRBnriPIR7Vg5bgAAAAw"]
[Sun Nov 30 15:24:54.779125 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSxTti6tRBnriPIR7Vg5bgAAAAw"]
[Sun Nov 30 15:24:54.779348 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.save"] [unique_id "aSxTti6tRBnriPIR7Vg5bgAAAAw"]
[Sun Nov 30 15:24:55.004697 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSxTty6tRBnriPIR7Vg5bwAAAAw"]
[Sun Nov 30 15:24:55.004914 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSxTty6tRBnriPIR7Vg5bwAAAAw"]
[Sun Nov 30 15:24:55.005120 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env"] [unique_id "aSxTty6tRBnriPIR7Vg5bwAAAAw"]
[Sun Nov 30 15:24:55.231030 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aSxTty6tRBnriPIR7Vg5cAAAAAw"]
[Sun Nov 30 15:24:55.231222 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aSxTty6tRBnriPIR7Vg5cAAAAAw"]
[Sun Nov 30 15:24:55.231441 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aSxTty6tRBnriPIR7Vg5cAAAAAw"]
[Sun Nov 30 15:24:55.231655 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.bak"] [unique_id "aSxTty6tRBnriPIR7Vg5cAAAAAw"]
[Sun Nov 30 15:24:55.456193 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aSxTty6tRBnriPIR7Vg5cQAAAAw"]
[Sun Nov 30 15:24:55.456549 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aSxTty6tRBnriPIR7Vg5cQAAAAw"]
[Sun Nov 30 15:24:55.456769 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/debug.log"] [unique_id "aSxTty6tRBnriPIR7Vg5cQAAAAw"]
[Sun Nov 30 15:24:55.910977 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSxTty6tRBnriPIR7Vg5cwAAAAw"]
[Sun Nov 30 15:24:55.911203 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSxTty6tRBnriPIR7Vg5cwAAAAw"]
[Sun Nov 30 15:24:55.912377 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod"] [unique_id "aSxTty6tRBnriPIR7Vg5cwAAAAw"]
[Sun Nov 30 15:24:56.365841 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/app/etc/local.xml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /app/etc/local.xml found within REQUEST_FILENAME: /app/etc/local.xml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aSxTuC6tRBnriPIR7Vg5dQAAAAw"]
[Sun Nov 30 15:24:56.366063 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aSxTuC6tRBnriPIR7Vg5dQAAAAw"]
[Sun Nov 30 15:24:56.366268 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/etc/local.xml"] [unique_id "aSxTuC6tRBnriPIR7Vg5dQAAAAw"]
[Sun Nov 30 15:24:56.820121 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSxTuC6tRBnriPIR7Vg5dwAAAAw"]
[Sun Nov 30 15:24:56.820331 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSxTuC6tRBnriPIR7Vg5dwAAAAw"]
[Sun Nov 30 15:24:56.820529 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env"] [unique_id "aSxTuC6tRBnriPIR7Vg5dwAAAAw"]
[Sun Nov 30 15:24:57.056414 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSxTuS6tRBnriPIR7Vg5eAAAAAw"]
[Sun Nov 30 15:24:57.056647 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSxTuS6tRBnriPIR7Vg5eAAAAAw"]
[Sun Nov 30 15:24:57.056864 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env"] [unique_id "aSxTuS6tRBnriPIR7Vg5eAAAAAw"]
[Sun Nov 30 15:24:57.522267 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSxTuS6tRBnriPIR7Vg5egAAAAw"]
[Sun Nov 30 15:24:57.522654 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSxTuS6tRBnriPIR7Vg5egAAAAw"]
[Sun Nov 30 15:24:57.522863 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.backup"] [unique_id "aSxTuS6tRBnriPIR7Vg5egAAAAw"]
[Sun Nov 30 15:24:57.975155 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSxTuS6tRBnriPIR7Vg5fAAAAAw"]
[Sun Nov 30 15:24:57.975379 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSxTuS6tRBnriPIR7Vg5fAAAAAw"]
[Sun Nov 30 15:24:57.975595 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.save"] [unique_id "aSxTuS6tRBnriPIR7Vg5fAAAAAw"]
[Sun Nov 30 15:24:58.203315 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSxTui6tRBnriPIR7Vg5fQAAAAw"]
[Sun Nov 30 15:24:58.203562 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSxTui6tRBnriPIR7Vg5fQAAAAw"]
[Sun Nov 30 15:24:58.203800 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.save"] [unique_id "aSxTui6tRBnriPIR7Vg5fQAAAAw"]
[Sun Nov 30 15:24:58.882899 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aSxTui6tRBnriPIR7Vg5gAAAAAw"]
[Sun Nov 30 15:24:58.883061 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aSxTui6tRBnriPIR7Vg5gAAAAAw"]
[Sun Nov 30 15:24:58.883287 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aSxTui6tRBnriPIR7Vg5gAAAAAw"]
[Sun Nov 30 15:24:58.883576 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.bak"] [unique_id "aSxTui6tRBnriPIR7Vg5gAAAAAw"]
[Sun Nov 30 15:24:59.108811 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "database.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: database.yml found within REQUEST_FILENAME: /config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aSxTuy6tRBnriPIR7Vg5gQAAAAw"]
[Sun Nov 30 15:24:59.109025 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aSxTuy6tRBnriPIR7Vg5gQAAAAw"]
[Sun Nov 30 15:24:59.109226 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/database.yml"] [unique_id "aSxTuy6tRBnriPIR7Vg5gQAAAAw"]
[Sun Nov 30 15:24:59.333830 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSxTuy6tRBnriPIR7Vg5ggAAAAw"]
[Sun Nov 30 15:24:59.334059 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSxTuy6tRBnriPIR7Vg5ggAAAAw"]
[Sun Nov 30 15:24:59.334281 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v2/.env"] [unique_id "aSxTuy6tRBnriPIR7Vg5ggAAAAw"]
[Sun Nov 30 15:24:59.787363 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSxTuy6tRBnriPIR7Vg5hAAAAAw"]
[Sun Nov 30 15:24:59.787533 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSxTuy6tRBnriPIR7Vg5hAAAAAw"]
[Sun Nov 30 15:24:59.787737 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSxTuy6tRBnriPIR7Vg5hAAAAAw"]
[Sun Nov 30 15:24:59.787925 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.old"] [unique_id "aSxTuy6tRBnriPIR7Vg5hAAAAAw"]
[Sun Nov 30 15:25:00.012689 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSxTvC6tRBnriPIR7Vg5hQAAAAw"]
[Sun Nov 30 15:25:00.012947 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSxTvC6tRBnriPIR7Vg5hQAAAAw"]
[Sun Nov 30 15:25:00.013175 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSxTvC6tRBnriPIR7Vg5hQAAAAw"]
[Sun Nov 30 15:25:00.463226 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5hwAAAAw"]
[Sun Nov 30 15:25:00.463443 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5hwAAAAw"]
[Sun Nov 30 15:25:00.463662 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5hwAAAAw"]
[Sun Nov 30 15:25:00.688751 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5iAAAAAw"]
[Sun Nov 30 15:25:00.688975 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5iAAAAAw"]
[Sun Nov 30 15:25:00.689221 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.save"] [unique_id "aSxTvC6tRBnriPIR7Vg5iAAAAAw"]
[Sun Nov 30 15:25:01.140655 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSxTvS6tRBnriPIR7Vg5igAAAAw"]
[Sun Nov 30 15:25:01.140892 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSxTvS6tRBnriPIR7Vg5igAAAAw"]
[Sun Nov 30 15:25:01.141115 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.test"] [unique_id "aSxTvS6tRBnriPIR7Vg5igAAAAw"]
[Sun Nov 30 15:25:01.368230 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aSxTvS6tRBnriPIR7Vg5iwAAAAw"]
[Sun Nov 30 15:25:01.368412 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aSxTvS6tRBnriPIR7Vg5iwAAAAw"]
[Sun Nov 30 15:25:01.368634 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aSxTvS6tRBnriPIR7Vg5iwAAAAw"]
[Sun Nov 30 15:25:01.368869 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env.bak"] [unique_id "aSxTvS6tRBnriPIR7Vg5iwAAAAw"]
[Sun Nov 30 15:25:02.721204 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSxTvi6tRBnriPIR7Vg5kQAAAAw"]
[Sun Nov 30 15:25:02.721376 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSxTvi6tRBnriPIR7Vg5kQAAAAw"]
[Sun Nov 30 15:25:02.721582 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSxTvi6tRBnriPIR7Vg5kQAAAAw"]
[Sun Nov 30 15:25:02.721803 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.old"] [unique_id "aSxTvi6tRBnriPIR7Vg5kQAAAAw"]
[Sun Nov 30 15:25:02.946736 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSxTvi6tRBnriPIR7Vg5kgAAAAw"]
[Sun Nov 30 15:25:02.946964 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSxTvi6tRBnriPIR7Vg5kgAAAAw"]
[Sun Nov 30 15:25:02.947196 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php"] [unique_id "aSxTvi6tRBnriPIR7Vg5kgAAAAw"]
[Sun Nov 30 15:25:03.397102 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aSxTvy6tRBnriPIR7Vg5lAAAAAw"]
[Sun Nov 30 15:25:03.397434 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aSxTvy6tRBnriPIR7Vg5lAAAAAw"]
[Sun Nov 30 15:25:03.397651 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.wp-config.php.swp"] [unique_id "aSxTvy6tRBnriPIR7Vg5lAAAAAw"]
[Sun Nov 30 15:25:03.848521 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "aSxTvy6tRBnriPIR7Vg5lgAAAAw"]
[Sun Nov 30 15:25:03.848743 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "aSxTvy6tRBnriPIR7Vg5lgAAAAw"]
[Sun Nov 30 15:25:03.849004 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.save"] [unique_id "aSxTvy6tRBnriPIR7Vg5lgAAAAw"]
[Sun Nov 30 15:25:04.073759 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aSxTwC6tRBnriPIR7Vg5lwAAAAw"]
[Sun Nov 30 15:25:04.073979 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aSxTwC6tRBnriPIR7Vg5lwAAAAw"]
[Sun Nov 30 15:25:04.074214 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.1"] [unique_id "aSxTwC6tRBnriPIR7Vg5lwAAAAw"]
[Sun Nov 30 15:25:04.298437 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aSxTwC6tRBnriPIR7Vg5mAAAAAw"]
[Sun Nov 30 15:25:04.298608 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aSxTwC6tRBnriPIR7Vg5mAAAAAw"]
[Sun Nov 30 15:25:04.298815 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aSxTwC6tRBnriPIR7Vg5mAAAAAw"]
[Sun Nov 30 15:25:04.299025 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.bak"] [unique_id "aSxTwC6tRBnriPIR7Vg5mAAAAAw"]
[Sun Nov 30 15:25:04.523403 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSxTwC6tRBnriPIR7Vg5mQAAAAw"]
[Sun Nov 30 15:25:04.523634 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSxTwC6tRBnriPIR7Vg5mQAAAAw"]
[Sun Nov 30 15:25:04.523843 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.example"] [unique_id "aSxTwC6tRBnriPIR7Vg5mQAAAAw"]
[Sun Nov 30 15:25:04.973737 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSxTwC6tRBnriPIR7Vg5mwAAAAw"]
[Sun Nov 30 15:25:04.973957 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSxTwC6tRBnriPIR7Vg5mwAAAAw"]
[Sun Nov 30 15:25:04.974145 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env.save"] [unique_id "aSxTwC6tRBnriPIR7Vg5mwAAAAw"]
[Sun Nov 30 15:25:05.198796 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSxTwS6tRBnriPIR7Vg5nAAAAAw"]
[Sun Nov 30 15:25:05.199032 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSxTwS6tRBnriPIR7Vg5nAAAAAw"]
[Sun Nov 30 15:25:05.199244 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSxTwS6tRBnriPIR7Vg5nAAAAAw"]
[Sun Nov 30 15:25:05.424051 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aSxTwS6tRBnriPIR7Vg5nQAAAAw"]
[Sun Nov 30 15:25:05.424223 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /system/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aSxTwS6tRBnriPIR7Vg5nQAAAAw"]
[Sun Nov 30 15:25:05.424434 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aSxTwS6tRBnriPIR7Vg5nQAAAAw"]
[Sun Nov 30 15:25:05.424646 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/system/.env.bak"] [unique_id "aSxTwS6tRBnriPIR7Vg5nQAAAAw"]
[Sun Nov 30 15:25:05.874909 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSxTwS6tRBnriPIR7Vg5nwAAAAw"]
[Sun Nov 30 15:25:05.875077 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSxTwS6tRBnriPIR7Vg5nwAAAAw"]
[Sun Nov 30 15:25:05.875276 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSxTwS6tRBnriPIR7Vg5nwAAAAw"]
[Sun Nov 30 15:25:05.875475 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSxTwS6tRBnriPIR7Vg5nwAAAAw"]
[Sun Nov 30 15:25:06.100623 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSxTwi6tRBnriPIR7Vg5oAAAAAw"]
[Sun Nov 30 15:25:06.100871 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSxTwi6tRBnriPIR7Vg5oAAAAAw"]
[Sun Nov 30 15:25:06.101100 2025] [:error] [pid 421122] [client 18.228.238.136:54058] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.save"] [unique_id "aSxTwi6tRBnriPIR7Vg5oAAAAAw"]
[Sun Nov 30 15:25:06.999257 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSxTwkR0pJY8_qkvKEEfNgAAAAM"]
[Sun Nov 30 15:25:06.999580 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSxTwkR0pJY8_qkvKEEfNgAAAAM"]
[Sun Nov 30 15:25:06.999840 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.save"] [unique_id "aSxTwkR0pJY8_qkvKEEfNgAAAAM"]
[Sun Nov 30 15:25:07.224453 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfNwAAAAM"]
[Sun Nov 30 15:25:07.224686 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfNwAAAAM"]
[Sun Nov 30 15:25:07.225427 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfNwAAAAM"]
[Sun Nov 30 15:25:07.449596 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfOAAAAAM"]
[Sun Nov 30 15:25:07.449835 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfOAAAAAM"]
[Sun Nov 30 15:25:07.450042 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.local"] [unique_id "aSxTw0R0pJY8_qkvKEEfOAAAAAM"]
[Sun Nov 30 15:25:08.351648 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSxTxER0pJY8_qkvKEEfPAAAAAM"]
[Sun Nov 30 15:25:08.352000 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSxTxER0pJY8_qkvKEEfPAAAAAM"]
[Sun Nov 30 15:25:08.352217 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.old"] [unique_id "aSxTxER0pJY8_qkvKEEfPAAAAAM"]
[Sun Nov 30 15:25:08.575879 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxTxER0pJY8_qkvKEEfPQAAAAM"]
[Sun Nov 30 15:25:08.576095 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxTxER0pJY8_qkvKEEfPQAAAAM"]
[Sun Nov 30 15:25:08.576295 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.git/config"] [unique_id "aSxTxER0pJY8_qkvKEEfPQAAAAM"]
[Sun Nov 30 15:25:08.801393 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSxTxER0pJY8_qkvKEEfPgAAAAM"]
[Sun Nov 30 15:25:08.801695 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSxTxER0pJY8_qkvKEEfPgAAAAM"]
[Sun Nov 30 15:25:08.801970 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env"] [unique_id "aSxTxER0pJY8_qkvKEEfPgAAAAM"]
[Sun Nov 30 15:25:09.026012 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSxTxUR0pJY8_qkvKEEfPwAAAAM"]
[Sun Nov 30 15:25:09.026233 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSxTxUR0pJY8_qkvKEEfPwAAAAM"]
[Sun Nov 30 15:25:09.026457 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env"] [unique_id "aSxTxUR0pJY8_qkvKEEfPwAAAAM"]
[Sun Nov 30 15:25:09.250693 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aSxTxUR0pJY8_qkvKEEfQAAAAAM"]
[Sun Nov 30 15:25:09.251127 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aSxTxUR0pJY8_qkvKEEfQAAAAAM"]
[Sun Nov 30 15:25:09.251354 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.bak"] [unique_id "aSxTxUR0pJY8_qkvKEEfQAAAAAM"]
[Sun Nov 30 15:25:09.477104 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSxTxUR0pJY8_qkvKEEfQQAAAAM"]
[Sun Nov 30 15:25:09.477449 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSxTxUR0pJY8_qkvKEEfQQAAAAM"]
[Sun Nov 30 15:25:09.477645 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSxTxUR0pJY8_qkvKEEfQQAAAAM"]
[Sun Nov 30 15:25:09.927421 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSxTxUR0pJY8_qkvKEEfQwAAAAM"]
[Sun Nov 30 15:25:09.927600 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSxTxUR0pJY8_qkvKEEfQwAAAAM"]
[Sun Nov 30 15:25:09.927809 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSxTxUR0pJY8_qkvKEEfQwAAAAM"]
[Sun Nov 30 15:25:09.928003 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSxTxUR0pJY8_qkvKEEfQwAAAAM"]
[Sun Nov 30 15:25:10.152208 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSxTxkR0pJY8_qkvKEEfRAAAAAM"]
[Sun Nov 30 15:25:10.152427 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSxTxkR0pJY8_qkvKEEfRAAAAAM"]
[Sun Nov 30 15:25:10.152630 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSxTxkR0pJY8_qkvKEEfRAAAAAM"]
[Sun Nov 30 15:25:10.602680 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSxTxkR0pJY8_qkvKEEfRgAAAAM"]
[Sun Nov 30 15:25:10.602861 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSxTxkR0pJY8_qkvKEEfRgAAAAM"]
[Sun Nov 30 15:25:10.603090 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSxTxkR0pJY8_qkvKEEfRgAAAAM"]
[Sun Nov 30 15:25:10.603297 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.old"] [unique_id "aSxTxkR0pJY8_qkvKEEfRgAAAAM"]
[Sun Nov 30 15:25:11.505561 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSxTx0R0pJY8_qkvKEEfSgAAAAM"]
[Sun Nov 30 15:25:11.505787 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSxTx0R0pJY8_qkvKEEfSgAAAAM"]
[Sun Nov 30 15:25:11.506006 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSxTx0R0pJY8_qkvKEEfSgAAAAM"]
[Sun Nov 30 15:25:11.731112 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSxTx0R0pJY8_qkvKEEfSwAAAAM"]
[Sun Nov 30 15:25:11.731334 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSxTx0R0pJY8_qkvKEEfSwAAAAM"]
[Sun Nov 30 15:25:11.731572 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSxTx0R0pJY8_qkvKEEfSwAAAAM"]
[Sun Nov 30 15:25:11.731799 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.bak"] [unique_id "aSxTx0R0pJY8_qkvKEEfSwAAAAM"]
[Sun Nov 30 15:25:12.180863 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aSxTyER0pJY8_qkvKEEfTQAAAAM"]
[Sun Nov 30 15:25:12.181051 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aSxTyER0pJY8_qkvKEEfTQAAAAM"]
[Sun Nov 30 15:25:12.181257 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aSxTyER0pJY8_qkvKEEfTQAAAAM"]
[Sun Nov 30 15:25:12.181447 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.bak"] [unique_id "aSxTyER0pJY8_qkvKEEfTQAAAAM"]
[Sun Nov 30 15:25:12.405312 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aSxTyER0pJY8_qkvKEEfTgAAAAM"]
[Sun Nov 30 15:25:12.406488 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aSxTyER0pJY8_qkvKEEfTgAAAAM"]
[Sun Nov 30 15:25:12.406709 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.swp"] [unique_id "aSxTyER0pJY8_qkvKEEfTgAAAAM"]
[Sun Nov 30 15:25:13.308633 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSxTyUR0pJY8_qkvKEEfUgAAAAM"]
[Sun Nov 30 15:25:13.308920 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSxTyUR0pJY8_qkvKEEfUgAAAAM"]
[Sun Nov 30 15:25:13.309194 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.save"] [unique_id "aSxTyUR0pJY8_qkvKEEfUgAAAAM"]
[Sun Nov 30 15:25:13.759994 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSxTyUR0pJY8_qkvKEEfVAAAAAM"]
[Sun Nov 30 15:25:13.760247 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSxTyUR0pJY8_qkvKEEfVAAAAAM"]
[Sun Nov 30 15:25:13.760475 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/docker/.env"] [unique_id "aSxTyUR0pJY8_qkvKEEfVAAAAAM"]
[Sun Nov 30 15:25:13.987738 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aSxTyUR0pJY8_qkvKEEfVQAAAAM"]
[Sun Nov 30 15:25:13.987905 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aSxTyUR0pJY8_qkvKEEfVQAAAAM"]
[Sun Nov 30 15:25:13.988112 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aSxTyUR0pJY8_qkvKEEfVQAAAAM"]
[Sun Nov 30 15:25:13.988325 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env.bak"] [unique_id "aSxTyUR0pJY8_qkvKEEfVQAAAAM"]
[Sun Nov 30 15:25:14.212697 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVgAAAAM"]
[Sun Nov 30 15:25:14.212923 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVgAAAAM"]
[Sun Nov 30 15:25:14.213124 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/psnlink/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVgAAAAM"]
[Sun Nov 30 15:25:14.437278 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVwAAAAM"]
[Sun Nov 30 15:25:14.437518 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVwAAAAM"]
[Sun Nov 30 15:25:14.437748 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cron/.env"] [unique_id "aSxTykR0pJY8_qkvKEEfVwAAAAM"]
[Sun Nov 30 15:25:14.661550 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aSxTykR0pJY8_qkvKEEfWAAAAAM"]
[Sun Nov 30 15:25:14.661911 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aSxTykR0pJY8_qkvKEEfWAAAAAM"]
[Sun Nov 30 15:25:14.662102 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.swp"] [unique_id "aSxTykR0pJY8_qkvKEEfWAAAAAM"]
[Sun Nov 30 15:25:14.891900 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSxTykR0pJY8_qkvKEEfWQAAAAM"]
[Sun Nov 30 15:25:14.892069 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSxTykR0pJY8_qkvKEEfWQAAAAM"]
[Sun Nov 30 15:25:14.892275 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSxTykR0pJY8_qkvKEEfWQAAAAM"]
[Sun Nov 30 15:25:14.892469 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.old"] [unique_id "aSxTykR0pJY8_qkvKEEfWQAAAAM"]
[Sun Nov 30 15:25:15.128423 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSxTy0R0pJY8_qkvKEEfWgAAAAM"]
[Sun Nov 30 15:25:15.128892 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSxTy0R0pJY8_qkvKEEfWgAAAAM"]
[Sun Nov 30 15:25:15.129164 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.backup"] [unique_id "aSxTy0R0pJY8_qkvKEEfWgAAAAM"]
[Sun Nov 30 15:25:15.579594 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSxTy0R0pJY8_qkvKEEfXAAAAAM"]
[Sun Nov 30 15:25:15.579814 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSxTy0R0pJY8_qkvKEEfXAAAAAM"]
[Sun Nov 30 15:25:15.580022 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/.env"] [unique_id "aSxTy0R0pJY8_qkvKEEfXAAAAAM"]
[Sun Nov 30 15:25:16.034488 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSxTzER0pJY8_qkvKEEfXgAAAAM"]
[Sun Nov 30 15:25:16.034707 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSxTzER0pJY8_qkvKEEfXgAAAAM"]
[Sun Nov 30 15:25:16.034907 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env~"] [unique_id "aSxTzER0pJY8_qkvKEEfXgAAAAM"]
[Sun Nov 30 15:25:16.262506 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aSxTzER0pJY8_qkvKEEfXwAAAAM"]
[Sun Nov 30 15:25:16.262677 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aSxTzER0pJY8_qkvKEEfXwAAAAM"]
[Sun Nov 30 15:25:16.262910 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aSxTzER0pJY8_qkvKEEfXwAAAAM"]
[Sun Nov 30 15:25:16.263135 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.bak"] [unique_id "aSxTzER0pJY8_qkvKEEfXwAAAAM"]
[Sun Nov 30 15:25:16.711776 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSxTzER0pJY8_qkvKEEfYQAAAAM"]
[Sun Nov 30 15:25:16.712129 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSxTzER0pJY8_qkvKEEfYQAAAAM"]
[Sun Nov 30 15:25:16.712356 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.backup"] [unique_id "aSxTzER0pJY8_qkvKEEfYQAAAAM"]
[Sun Nov 30 15:25:16.936747 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aSxTzER0pJY8_qkvKEEfYgAAAAM"]
[Sun Nov 30 15:25:16.936990 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aSxTzER0pJY8_qkvKEEfYgAAAAM"]
[Sun Nov 30 15:25:16.937213 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.2"] [unique_id "aSxTzER0pJY8_qkvKEEfYgAAAAM"]
[Sun Nov 30 15:25:17.836739 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSxTzUR0pJY8_qkvKEEfZgAAAAM"]
[Sun Nov 30 15:25:17.836964 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSxTzUR0pJY8_qkvKEEfZgAAAAM"]
[Sun Nov 30 15:25:17.837162 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env"] [unique_id "aSxTzUR0pJY8_qkvKEEfZgAAAAM"]
[Sun Nov 30 15:25:18.286714 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaAAAAAM"]
[Sun Nov 30 15:25:18.286907 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaAAAAAM"]
[Sun Nov 30 15:25:18.287161 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaAAAAAM"]
[Sun Nov 30 15:25:18.287382 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaAAAAAM"]
[Sun Nov 30 15:25:18.512248 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaQAAAAM"]
[Sun Nov 30 15:25:18.512593 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaQAAAAM"]
[Sun Nov 30 15:25:18.512804 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.bak"] [unique_id "aSxTzkR0pJY8_qkvKEEfaQAAAAM"]
[Sun Nov 30 15:25:18.962394 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSxTzkR0pJY8_qkvKEEfawAAAAM"]
[Sun Nov 30 15:25:18.962618 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSxTzkR0pJY8_qkvKEEfawAAAAM"]
[Sun Nov 30 15:25:18.962830 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev"] [unique_id "aSxTzkR0pJY8_qkvKEEfawAAAAM"]
[Sun Nov 30 15:25:19.412123 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aSxTz0R0pJY8_qkvKEEfbQAAAAM"]
[Sun Nov 30 15:25:19.412465 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aSxTz0R0pJY8_qkvKEEfbQAAAAM"]
[Sun Nov 30 15:25:19.412664 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database.sql"] [unique_id "aSxTz0R0pJY8_qkvKEEfbQAAAAM"]
[Sun Nov 30 15:25:19.864064 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSxTz0R0pJY8_qkvKEEfbwAAAAM"]
[Sun Nov 30 15:25:19.864404 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSxTz0R0pJY8_qkvKEEfbwAAAAM"]
[Sun Nov 30 15:25:19.864609 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/test.php.backup"] [unique_id "aSxTz0R0pJY8_qkvKEEfbwAAAAM"]
[Sun Nov 30 15:25:20.088483 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSxT0ER0pJY8_qkvKEEfcAAAAAM"]
[Sun Nov 30 15:25:20.088708 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSxT0ER0pJY8_qkvKEEfcAAAAAM"]
[Sun Nov 30 15:25:20.088916 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.staging"] [unique_id "aSxT0ER0pJY8_qkvKEEfcAAAAAM"]
[Sun Nov 30 15:25:20.313543 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcQAAAAM"]
[Sun Nov 30 15:25:20.313736 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcQAAAAM"]
[Sun Nov 30 15:25:20.313960 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcQAAAAM"]
[Sun Nov 30 15:25:20.314188 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcQAAAAM"]
[Sun Nov 30 15:25:20.539639 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcgAAAAM"]
[Sun Nov 30 15:25:20.539818 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcgAAAAM"]
[Sun Nov 30 15:25:20.540025 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcgAAAAM"]
[Sun Nov 30 15:25:20.540222 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.old"] [unique_id "aSxT0ER0pJY8_qkvKEEfcgAAAAM"]
[Sun Nov 30 15:25:20.764293 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aSxT0ER0pJY8_qkvKEEfcwAAAAM"]
[Sun Nov 30 15:25:20.764797 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aSxT0ER0pJY8_qkvKEEfcwAAAAM"]
[Sun Nov 30 15:25:20.765107 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.swp"] [unique_id "aSxT0ER0pJY8_qkvKEEfcwAAAAM"]
[Sun Nov 30 15:25:21.216541 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfdQAAAAM"]
[Sun Nov 30 15:25:21.216776 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfdQAAAAM"]
[Sun Nov 30 15:25:21.216987 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/administrator/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfdQAAAAM"]
[Sun Nov 30 15:25:21.666230 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_error.log"] [unique_id "aSxT0UR0pJY8_qkvKEEfdwAAAAM"]
[Sun Nov 30 15:25:21.666627 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_error.log"] [unique_id "aSxT0UR0pJY8_qkvKEEfdwAAAAM"]
[Sun Nov 30 15:25:21.666840 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_error.log"] [unique_id "aSxT0UR0pJY8_qkvKEEfdwAAAAM"]
[Sun Nov 30 15:25:21.890760 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfeAAAAAM"]
[Sun Nov 30 15:25:21.890985 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfeAAAAAM"]
[Sun Nov 30 15:25:21.891194 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/modules/.env"] [unique_id "aSxT0UR0pJY8_qkvKEEfeAAAAAM"]
[Sun Nov 30 15:25:22.115603 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSxT0kR0pJY8_qkvKEEfeQAAAAM"]
[Sun Nov 30 15:25:22.115823 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSxT0kR0pJY8_qkvKEEfeQAAAAM"]
[Sun Nov 30 15:25:22.116066 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.remote"] [unique_id "aSxT0kR0pJY8_qkvKEEfeQAAAAM"]
[Sun Nov 30 15:25:22.791221 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aSxT0kR0pJY8_qkvKEEffAAAAAM"]
[Sun Nov 30 15:25:22.792367 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aSxT0kR0pJY8_qkvKEEffAAAAAM"]
[Sun Nov 30 15:25:22.792567 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/errors.log"] [unique_id "aSxT0kR0pJY8_qkvKEEffAAAAAM"]
[Sun Nov 30 15:25:23.023009 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSxT00R0pJY8_qkvKEEffQAAAAM"]
[Sun Nov 30 15:25:23.023177 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSxT00R0pJY8_qkvKEEffQAAAAM"]
[Sun Nov 30 15:25:23.023394 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSxT00R0pJY8_qkvKEEffQAAAAM"]
[Sun Nov 30 15:25:23.023594 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.old"] [unique_id "aSxT00R0pJY8_qkvKEEffQAAAAM"]
[Sun Nov 30 15:25:23.472268 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSxT00R0pJY8_qkvKEEffwAAAAM"]
[Sun Nov 30 15:25:23.472488 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSxT00R0pJY8_qkvKEEffwAAAAM"]
[Sun Nov 30 15:25:23.472689 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env"] [unique_id "aSxT00R0pJY8_qkvKEEffwAAAAM"]
[Sun Nov 30 15:25:24.372137 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.config"] [unique_id "aSxT1ER0pJY8_qkvKEEfgwAAAAM"]
[Sun Nov 30 15:25:24.372483 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.config"] [unique_id "aSxT1ER0pJY8_qkvKEEfgwAAAAM"]
[Sun Nov 30 15:25:24.372686 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.config"] [unique_id "aSxT1ER0pJY8_qkvKEEfgwAAAAM"]
[Sun Nov 30 15:25:24.597029 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSxT1ER0pJY8_qkvKEEfhAAAAAM"]
[Sun Nov 30 15:25:24.597253 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSxT1ER0pJY8_qkvKEEfhAAAAAM"]
[Sun Nov 30 15:25:24.597451 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env"] [unique_id "aSxT1ER0pJY8_qkvKEEfhAAAAAM"]
[Sun Nov 30 15:25:24.821574 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aSxT1ER0pJY8_qkvKEEfhQAAAAM"]
[Sun Nov 30 15:25:24.821927 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aSxT1ER0pJY8_qkvKEEfhQAAAAM"]
[Sun Nov 30 15:25:24.822128 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/error.log"] [unique_id "aSxT1ER0pJY8_qkvKEEfhQAAAAM"]
[Sun Nov 30 15:25:25.270942 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfhwAAAAM"]
[Sun Nov 30 15:25:25.271158 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfhwAAAAM"]
[Sun Nov 30 15:25:25.271349 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfhwAAAAM"]
[Sun Nov 30 15:25:25.495292 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfiAAAAAM"]
[Sun Nov 30 15:25:25.495520 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfiAAAAAM"]
[Sun Nov 30 15:25:25.495723 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/tools/.env"] [unique_id "aSxT1UR0pJY8_qkvKEEfiAAAAAM"]
[Sun Nov 30 15:25:25.720122 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSxT1UR0pJY8_qkvKEEfiQAAAAM"]
[Sun Nov 30 15:25:25.720293 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSxT1UR0pJY8_qkvKEEfiQAAAAM"]
[Sun Nov 30 15:25:25.720502 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSxT1UR0pJY8_qkvKEEfiQAAAAM"]
[Sun Nov 30 15:25:25.720800 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/vendor/.env.old"] [unique_id "aSxT1UR0pJY8_qkvKEEfiQAAAAM"]
[Sun Nov 30 15:25:27.074193 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aSxT10R0pJY8_qkvKEEfjwAAAAM"]
[Sun Nov 30 15:25:27.074460 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aSxT10R0pJY8_qkvKEEfjwAAAAM"]
[Sun Nov 30 15:25:27.074689 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.dev.local"] [unique_id "aSxT10R0pJY8_qkvKEEfjwAAAAM"]
[Sun Nov 30 15:25:28.201003 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSxT2ER0pJY8_qkvKEEflAAAAAM"]
[Sun Nov 30 15:25:28.201345 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSxT2ER0pJY8_qkvKEEflAAAAAM"]
[Sun Nov 30 15:25:28.201550 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/phpinfo.php.old"] [unique_id "aSxT2ER0pJY8_qkvKEEflAAAAAM"]
[Sun Nov 30 15:25:28.875485 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSxT2ER0pJY8_qkvKEEflwAAAAM"]
[Sun Nov 30 15:25:28.875692 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSxT2ER0pJY8_qkvKEEflwAAAAM"]
[Sun Nov 30 15:25:28.875882 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backend/.env"] [unique_id "aSxT2ER0pJY8_qkvKEEflwAAAAM"]
[Sun Nov 30 15:25:29.325514 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aSxT2UR0pJY8_qkvKEEfmQAAAAM"]
[Sun Nov 30 15:25:29.325847 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aSxT2UR0pJY8_qkvKEEfmQAAAAM"]
[Sun Nov 30 15:25:29.326044 2025] [:error] [pid 429217] [client 18.228.238.136:57916] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/dump.sql"] [unique_id "aSxT2UR0pJY8_qkvKEEfmQAAAAM"]
[Sun Nov 30 15:25:30.001882 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36AAAAEU"]
[Sun Nov 30 15:25:30.002042 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36AAAAEU"]
[Sun Nov 30 15:25:30.002253 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36AAAAEU"]
[Sun Nov 30 15:25:30.002470 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36AAAAEU"]
[Sun Nov 30 15:25:30.451594 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36gAAAEU"]
[Sun Nov 30 15:25:30.451783 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36gAAAEU"]
[Sun Nov 30 15:25:30.451991 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36gAAAEU"]
[Sun Nov 30 15:25:30.452195 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSxT2n-YzzK-2pqhifF36gAAAEU"]
[Sun Nov 30 15:25:30.678165 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSxT2n-YzzK-2pqhifF36wAAAEU"]
[Sun Nov 30 15:25:30.678330 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSxT2n-YzzK-2pqhifF36wAAAEU"]
[Sun Nov 30 15:25:30.678579 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSxT2n-YzzK-2pqhifF36wAAAEU"]
[Sun Nov 30 15:25:30.678773 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSxT2n-YzzK-2pqhifF36wAAAEU"]
[Sun Nov 30 15:25:30.905783 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSxT2n-YzzK-2pqhifF37AAAAEU"]
[Sun Nov 30 15:25:30.906015 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSxT2n-YzzK-2pqhifF37AAAAEU"]
[Sun Nov 30 15:25:30.906241 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.tmp"] [unique_id "aSxT2n-YzzK-2pqhifF37AAAAEU"]
[Sun Nov 30 15:25:31.131716 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSxT23-YzzK-2pqhifF37QAAAEU"]
[Sun Nov 30 15:25:31.132083 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSxT23-YzzK-2pqhifF37QAAAEU"]
[Sun Nov 30 15:25:31.132309 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/php_info.php.old"] [unique_id "aSxT23-YzzK-2pqhifF37QAAAEU"]
[Sun Nov 30 15:25:31.356259 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/config/config.yml" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config.yml found within REQUEST_FILENAME: /config/config.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSxT23-YzzK-2pqhifF37gAAAEU"]
[Sun Nov 30 15:25:31.356483 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSxT23-YzzK-2pqhifF37gAAAEU"]
[Sun Nov 30 15:25:31.356709 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/config.yml"] [unique_id "aSxT23-YzzK-2pqhifF37gAAAEU"]
[Sun Nov 30 15:25:31.805576 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aSxT23-YzzK-2pqhifF38AAAAEU"]
[Sun Nov 30 15:25:31.805754 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aSxT23-YzzK-2pqhifF38AAAAEU"]
[Sun Nov 30 15:25:31.805965 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aSxT23-YzzK-2pqhifF38AAAAEU"]
[Sun Nov 30 15:25:31.806179 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web.config"] [unique_id "aSxT23-YzzK-2pqhifF38AAAAEU"]
[Sun Nov 30 15:25:32.255212 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSxT3H-YzzK-2pqhifF38gAAAEU"]
[Sun Nov 30 15:25:32.255428 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSxT3H-YzzK-2pqhifF38gAAAEU"]
[Sun Nov 30 15:25:32.255628 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/server/.env"] [unique_id "aSxT3H-YzzK-2pqhifF38gAAAEU"]
[Sun Nov 30 15:25:32.711635 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/application.log"] [unique_id "aSxT3H-YzzK-2pqhifF39AAAAEU"]
[Sun Nov 30 15:25:32.712109 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/application.log"] [unique_id "aSxT3H-YzzK-2pqhifF39AAAAEU"]
[Sun Nov 30 15:25:32.712380 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/logs/application.log"] [unique_id "aSxT3H-YzzK-2pqhifF39AAAAEU"]
[Sun Nov 30 15:25:32.936127 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase ".aws/config" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/config found within REQUEST_FILENAME: /.aws/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSxT3H-YzzK-2pqhifF39QAAAEU"]
[Sun Nov 30 15:25:32.936361 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSxT3H-YzzK-2pqhifF39QAAAEU"]
[Sun Nov 30 15:25:32.938400 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/config"] [unique_id "aSxT3H-YzzK-2pqhifF39QAAAEU"]
[Sun Nov 30 15:25:33.618189 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSxT3X-YzzK-2pqhifF3-AAAAEU"]
[Sun Nov 30 15:25:33.618441 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSxT3X-YzzK-2pqhifF3-AAAAEU"]
[Sun Nov 30 15:25:33.618643 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.save"] [unique_id "aSxT3X-YzzK-2pqhifF3-AAAAEU"]
[Sun Nov 30 15:25:33.844088 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/log/error.log"] [unique_id "aSxT3X-YzzK-2pqhifF3-QAAAEU"]
[Sun Nov 30 15:25:33.844419 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/log/error.log"] [unique_id "aSxT3X-YzzK-2pqhifF3-QAAAEU"]
[Sun Nov 30 15:25:33.844623 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/log/error.log"] [unique_id "aSxT3X-YzzK-2pqhifF3-QAAAEU"]
[Sun Nov 30 15:25:34.068391 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3-gAAAEU"]
[Sun Nov 30 15:25:34.068613 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3-gAAAEU"]
[Sun Nov 30 15:25:34.068813 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/cronlab/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3-gAAAEU"]
[Sun Nov 30 15:25:34.517498 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aSxT3n-YzzK-2pqhifF3_AAAAEU"]
[Sun Nov 30 15:25:34.517754 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aSxT3n-YzzK-2pqhifF3_AAAAEU"]
[Sun Nov 30 15:25:34.517996 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.prod.local"] [unique_id "aSxT3n-YzzK-2pqhifF3_AAAAEU"]
[Sun Nov 30 15:25:34.742052 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3_QAAAEU"]
[Sun Nov 30 15:25:34.742292 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3_QAAAEU"]
[Sun Nov 30 15:25:34.742528 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env"] [unique_id "aSxT3n-YzzK-2pqhifF3_QAAAEU"]
[Sun Nov 30 15:25:35.867676 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aSxT33-YzzK-2pqhifF4AgAAAEU"]
[Sun Nov 30 15:25:35.867846 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /themes/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aSxT33-YzzK-2pqhifF4AgAAAEU"]
[Sun Nov 30 15:25:35.868055 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aSxT33-YzzK-2pqhifF4AgAAAEU"]
[Sun Nov 30 15:25:35.868266 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/themes/.env.bak"] [unique_id "aSxT33-YzzK-2pqhifF4AgAAAEU"]
[Sun Nov 30 15:25:36.092548 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aSxT4H-YzzK-2pqhifF4AwAAAEU"]
[Sun Nov 30 15:25:36.092868 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aSxT4H-YzzK-2pqhifF4AwAAAEU"]
[Sun Nov 30 15:25:36.093061 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.bak"] [unique_id "aSxT4H-YzzK-2pqhifF4AwAAAEU"]
[Sun Nov 30 15:25:36.771872 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSxT4H-YzzK-2pqhifF4BgAAAEU"]
[Sun Nov 30 15:25:36.772092 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSxT4H-YzzK-2pqhifF4BgAAAEU"]
[Sun Nov 30 15:25:36.772304 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.save"] [unique_id "aSxT4H-YzzK-2pqhifF4BgAAAEU"]
[Sun Nov 30 15:25:37.445879 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aSxT4X-YzzK-2pqhifF4CQAAAEU"]
[Sun Nov 30 15:25:37.446040 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aSxT4X-YzzK-2pqhifF4CQAAAEU"]
[Sun Nov 30 15:25:37.446259 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aSxT4X-YzzK-2pqhifF4CQAAAEU"]
[Sun Nov 30 15:25:37.446482 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php.old"] [unique_id "aSxT4X-YzzK-2pqhifF4CQAAAEU"]
[Sun Nov 30 15:25:38.348869 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSxT4n-YzzK-2pqhifF4DQAAAEU"]
[Sun Nov 30 15:25:38.349100 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSxT4n-YzzK-2pqhifF4DQAAAEU"]
[Sun Nov 30 15:25:38.349319 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.aws/credentials"] [unique_id "aSxT4n-YzzK-2pqhifF4DQAAAEU"]
[Sun Nov 30 15:25:38.797897 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSxT4n-YzzK-2pqhifF4DwAAAEU"]
[Sun Nov 30 15:25:38.798129 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSxT4n-YzzK-2pqhifF4DwAAAEU"]
[Sun Nov 30 15:25:38.798333 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/uploads/.env"] [unique_id "aSxT4n-YzzK-2pqhifF4DwAAAEU"]
[Sun Nov 30 15:25:39.022545 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EAAAAEU"]
[Sun Nov 30 15:25:39.022822 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EAAAAEU"]
[Sun Nov 30 15:25:39.023044 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EAAAAEU"]
[Sun Nov 30 15:25:39.246898 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSxT43-YzzK-2pqhifF4EQAAAEU"]
[Sun Nov 30 15:25:39.247137 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSxT43-YzzK-2pqhifF4EQAAAEU"]
[Sun Nov 30 15:25:39.247340 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.save"] [unique_id "aSxT43-YzzK-2pqhifF4EQAAAEU"]
[Sun Nov 30 15:25:39.471597 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EgAAAEU"]
[Sun Nov 30 15:25:39.471858 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EgAAAEU"]
[Sun Nov 30 15:25:39.472074 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/frontend/.env"] [unique_id "aSxT43-YzzK-2pqhifF4EgAAAEU"]
[Sun Nov 30 15:25:40.144854 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSxT5H-YzzK-2pqhifF4FQAAAEU"]
[Sun Nov 30 15:25:40.145023 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSxT5H-YzzK-2pqhifF4FQAAAEU"]
[Sun Nov 30 15:25:40.145248 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSxT5H-YzzK-2pqhifF4FQAAAEU"]
[Sun Nov 30 15:25:40.145457 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/lib/.env.old"] [unique_id "aSxT5H-YzzK-2pqhifF4FQAAAEU"]
[Sun Nov 30 15:25:40.596062 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSxT5H-YzzK-2pqhifF4FwAAAEU"]
[Sun Nov 30 15:25:40.596293 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSxT5H-YzzK-2pqhifF4FwAAAEU"]
[Sun Nov 30 15:25:40.596489 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/client/.env"] [unique_id "aSxT5H-YzzK-2pqhifF4FwAAAEU"]
[Sun Nov 30 15:25:41.500937 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSxT5X-YzzK-2pqhifF4GwAAAEU"]
[Sun Nov 30 15:25:41.501167 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSxT5X-YzzK-2pqhifF4GwAAAEU"]
[Sun Nov 30 15:25:41.501374 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSxT5X-YzzK-2pqhifF4GwAAAEU"]
[Sun Nov 30 15:25:41.731451 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSxT5X-YzzK-2pqhifF4HAAAAEU"]
[Sun Nov 30 15:25:41.731625 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSxT5X-YzzK-2pqhifF4HAAAAEU"]
[Sun Nov 30 15:25:41.731851 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSxT5X-YzzK-2pqhifF4HAAAAEU"]
[Sun Nov 30 15:25:41.732043 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSxT5X-YzzK-2pqhifF4HAAAAEU"]
[Sun Nov 30 15:25:42.183172 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSxT5n-YzzK-2pqhifF4HgAAAEU"]
[Sun Nov 30 15:25:42.183411 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSxT5n-YzzK-2pqhifF4HgAAAEU"]
[Sun Nov 30 15:25:42.183633 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSxT5n-YzzK-2pqhifF4HgAAAEU"]
[Sun Nov 30 15:25:42.631945 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IAAAAEU"]
[Sun Nov 30 15:25:42.632313 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IAAAAEU"]
[Sun Nov 30 15:25:42.632533 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/var/log/nginx/error.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IAAAAEU"]
[Sun Nov 30 15:25:42.856460 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IQAAAEU"]
[Sun Nov 30 15:25:42.856831 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IQAAAEU"]
[Sun Nov 30 15:25:42.857048 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSxT5n-YzzK-2pqhifF4IQAAAEU"]
[Sun Nov 30 15:25:43.081303 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSxT53-YzzK-2pqhifF4IgAAAEU"]
[Sun Nov 30 15:25:43.081474 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSxT53-YzzK-2pqhifF4IgAAAEU"]
[Sun Nov 30 15:25:43.081677 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSxT53-YzzK-2pqhifF4IgAAAEU"]
[Sun Nov 30 15:25:43.081882 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSxT53-YzzK-2pqhifF4IgAAAEU"]
[Sun Nov 30 15:25:43.530703 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.DS_Store" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.DS_Store found within REQUEST_FILENAME: /.ds_store"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxT53-YzzK-2pqhifF4JAAAAEU"]
[Sun Nov 30 15:25:43.530927 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxT53-YzzK-2pqhifF4JAAAAEU"]
[Sun Nov 30 15:25:43.531142 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.DS_Store"] [unique_id "aSxT53-YzzK-2pqhifF4JAAAAEU"]
[Sun Nov 30 15:25:43.755511 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSxT53-YzzK-2pqhifF4JQAAAEU"]
[Sun Nov 30 15:25:43.755751 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSxT53-YzzK-2pqhifF4JQAAAEU"]
[Sun Nov 30 15:25:43.755985 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/en/.env"] [unique_id "aSxT53-YzzK-2pqhifF4JQAAAEU"]
[Sun Nov 30 15:25:43.979711 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSxT53-YzzK-2pqhifF4JgAAAEU"]
[Sun Nov 30 15:25:43.980070 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSxT53-YzzK-2pqhifF4JgAAAEU"]
[Sun Nov 30 15:25:43.980284 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSxT53-YzzK-2pqhifF4JgAAAEU"]
[Sun Nov 30 15:25:44.204014 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSxT6H-YzzK-2pqhifF4JwAAAEU"]
[Sun Nov 30 15:25:44.204235 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSxT6H-YzzK-2pqhifF4JwAAAEU"]
[Sun Nov 30 15:25:44.204446 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.save"] [unique_id "aSxT6H-YzzK-2pqhifF4JwAAAEU"]
[Sun Nov 30 15:25:44.429398 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aSxT6H-YzzK-2pqhifF4KAAAAEU"]
[Sun Nov 30 15:25:44.429569 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aSxT6H-YzzK-2pqhifF4KAAAAEU"]
[Sun Nov 30 15:25:44.429778 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aSxT6H-YzzK-2pqhifF4KAAAAEU"]
[Sun Nov 30 15:25:44.429992 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.bak"] [unique_id "aSxT6H-YzzK-2pqhifF4KAAAAEU"]
[Sun Nov 30 15:25:44.879511 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSxT6H-YzzK-2pqhifF4KgAAAEU"]
[Sun Nov 30 15:25:44.879727 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSxT6H-YzzK-2pqhifF4KgAAAEU"]
[Sun Nov 30 15:25:44.879945 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/plugins/.env"] [unique_id "aSxT6H-YzzK-2pqhifF4KgAAAEU"]
[Sun Nov 30 15:25:45.103856 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSxT6X-YzzK-2pqhifF4KwAAAEU"]
[Sun Nov 30 15:25:45.104075 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSxT6X-YzzK-2pqhifF4KwAAAEU"]
[Sun Nov 30 15:25:45.104282 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.sample"] [unique_id "aSxT6X-YzzK-2pqhifF4KwAAAEU"]
[Sun Nov 30 15:25:45.328133 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aSxT6X-YzzK-2pqhifF4LAAAAEU"]
[Sun Nov 30 15:25:45.328355 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aSxT6X-YzzK-2pqhifF4LAAAAEU"]
[Sun Nov 30 15:25:45.328577 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development.local"] [unique_id "aSxT6X-YzzK-2pqhifF4LAAAAEU"]
[Sun Nov 30 15:25:45.552340 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LQAAAEU"]
[Sun Nov 30 15:25:45.552575 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LQAAAEU"]
[Sun Nov 30 15:25:45.553224 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LQAAAEU"]
[Sun Nov 30 15:25:45.777171 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LgAAAEU"]
[Sun Nov 30 15:25:45.777391 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LgAAAEU"]
[Sun Nov 30 15:25:45.777598 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/site/.env"] [unique_id "aSxT6X-YzzK-2pqhifF4LgAAAEU"]
[Sun Nov 30 15:25:46.228497 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aSxT6n-YzzK-2pqhifF4MAAAAEU"]
[Sun Nov 30 15:25:46.228985 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aSxT6n-YzzK-2pqhifF4MAAAAEU"]
[Sun Nov 30 15:25:46.229267 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/backup.sql"] [unique_id "aSxT6n-YzzK-2pqhifF4MAAAAEU"]
[Sun Nov 30 15:25:46.454828 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSxT6n-YzzK-2pqhifF4MQAAAEU"]
[Sun Nov 30 15:25:46.455070 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSxT6n-YzzK-2pqhifF4MQAAAEU"]
[Sun Nov 30 15:25:46.455307 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSxT6n-YzzK-2pqhifF4MQAAAEU"]
[Sun Nov 30 15:25:47.128710 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSxT63-YzzK-2pqhifF4NAAAAEU"]
[Sun Nov 30 15:25:47.128892 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSxT63-YzzK-2pqhifF4NAAAAEU"]
[Sun Nov 30 15:25:47.129120 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSxT63-YzzK-2pqhifF4NAAAAEU"]
[Sun Nov 30 15:25:47.129362 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSxT63-YzzK-2pqhifF4NAAAAEU"]
[Sun Nov 30 15:25:47.352874 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/prod.log"] [unique_id "aSxT63-YzzK-2pqhifF4NQAAAEU"]
[Sun Nov 30 15:25:47.353268 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/prod.log"] [unique_id "aSxT63-YzzK-2pqhifF4NQAAAEU"]
[Sun Nov 30 15:25:47.353491 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/prod.log"] [unique_id "aSxT63-YzzK-2pqhifF4NQAAAEU"]
[Sun Nov 30 15:25:47.577443 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSxT63-YzzK-2pqhifF4NgAAAEU"]
[Sun Nov 30 15:25:47.577662 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSxT63-YzzK-2pqhifF4NgAAAEU"]
[Sun Nov 30 15:25:47.577877 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSxT63-YzzK-2pqhifF4NgAAAEU"]
[Sun Nov 30 15:25:48.026330 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aSxT7H-YzzK-2pqhifF4OAAAAEU"]
[Sun Nov 30 15:25:48.026564 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aSxT7H-YzzK-2pqhifF4OAAAAEU"]
[Sun Nov 30 15:25:48.026793 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aSxT7H-YzzK-2pqhifF4OAAAAEU"]
[Sun Nov 30 15:25:48.026996 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/application/.env.bak"] [unique_id "aSxT7H-YzzK-2pqhifF4OAAAAEU"]
[Sun Nov 30 15:25:49.149637 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSxT7X-YzzK-2pqhifF4PQAAAEU"]
[Sun Nov 30 15:25:49.149974 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSxT7X-YzzK-2pqhifF4PQAAAEU"]
[Sun Nov 30 15:25:49.150216 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/info.php.old"] [unique_id "aSxT7X-YzzK-2pqhifF4PQAAAEU"]
[Sun Nov 30 15:25:49.373884 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/datavase/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4PgAAAEU"]
[Sun Nov 30 15:25:49.374100 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4PgAAAEU"]
[Sun Nov 30 15:25:49.374371 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/Datavase/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4PgAAAEU"]
[Sun Nov 30 15:25:49.823695 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4QAAAAEU"]
[Sun Nov 30 15:25:49.823913 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4QAAAAEU"]
[Sun Nov 30 15:25:49.824117 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env"] [unique_id "aSxT7X-YzzK-2pqhifF4QAAAAEU"]
[Sun Nov 30 15:25:50.273738 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app.config"] [unique_id "aSxT7n-YzzK-2pqhifF4QgAAAEU"]
[Sun Nov 30 15:25:50.274072 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app.config"] [unique_id "aSxT7n-YzzK-2pqhifF4QgAAAEU"]
[Sun Nov 30 15:25:50.274273 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app.config"] [unique_id "aSxT7n-YzzK-2pqhifF4QgAAAEU"]
[Sun Nov 30 15:25:50.951478 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSxT7n-YzzK-2pqhifF4RQAAAEU"]
[Sun Nov 30 15:25:50.951708 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSxT7n-YzzK-2pqhifF4RQAAAEU"]
[Sun Nov 30 15:25:50.951945 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/sitemaps/.env"] [unique_id "aSxT7n-YzzK-2pqhifF4RQAAAEU"]
[Sun Nov 30 15:25:51.176078 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSxT73-YzzK-2pqhifF4RgAAAEU"]
[Sun Nov 30 15:25:51.176337 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSxT73-YzzK-2pqhifF4RgAAAEU"]
[Sun Nov 30 15:25:51.176583 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.save"] [unique_id "aSxT73-YzzK-2pqhifF4RgAAAEU"]
[Sun Nov 30 15:25:51.401703 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4RwAAAEU"]
[Sun Nov 30 15:25:51.401868 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4RwAAAEU"]
[Sun Nov 30 15:25:51.402082 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4RwAAAEU"]
[Sun Nov 30 15:25:51.402271 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4RwAAAEU"]
[Sun Nov 30 15:25:51.626998 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4SAAAAEU"]
[Sun Nov 30 15:25:51.627171 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4SAAAAEU"]
[Sun Nov 30 15:25:51.627376 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4SAAAAEU"]
[Sun Nov 30 15:25:51.627582 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/admin/.env.bak"] [unique_id "aSxT73-YzzK-2pqhifF4SAAAAEU"]
[Sun Nov 30 15:25:51.852673 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aSxT73-YzzK-2pqhifF4SQAAAEU"]
[Sun Nov 30 15:25:51.853015 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aSxT73-YzzK-2pqhifF4SQAAAEU"]
[Sun Nov 30 15:25:51.853221 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/db_backup.sql"] [unique_id "aSxT73-YzzK-2pqhifF4SQAAAEU"]
[Sun Nov 30 15:25:52.528083 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSxT8H-YzzK-2pqhifF4TAAAAEU"]
[Sun Nov 30 15:25:52.528305 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSxT8H-YzzK-2pqhifF4TAAAAEU"]
[Sun Nov 30 15:25:52.528500 2025] [:error] [pid 427804] [client 18.228.238.136:33102] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/.env.save"] [unique_id "aSxT8H-YzzK-2pqhifF4TAAAAEU"]
[Sun Nov 30 15:25:53.222657 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Matched phrase ".docker/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .docker/ found within REQUEST_FILENAME: /.docker/config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aSxT8dS7rIt1xMi8OZXl0AAAAAE"]
[Sun Nov 30 15:25:53.222894 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aSxT8dS7rIt1xMi8OZXl0AAAAAE"]
[Sun Nov 30 15:25:53.223075 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.docker/config.json"] [unique_id "aSxT8dS7rIt1xMi8OZXl0AAAAAE"]
[Sun Nov 30 15:25:53.453030 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSxT8dS7rIt1xMi8OZXl0QAAAAE"]
[Sun Nov 30 15:25:53.453244 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSxT8dS7rIt1xMi8OZXl0QAAAAE"]
[Sun Nov 30 15:25:53.453428 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.orig"] [unique_id "aSxT8dS7rIt1xMi8OZXl0QAAAAE"]
[Sun Nov 30 15:25:54.147655 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSxT8tS7rIt1xMi8OZXl1AAAAAE"]
[Sun Nov 30 15:25:54.147872 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSxT8tS7rIt1xMi8OZXl1AAAAAE"]
[Sun Nov 30 15:25:54.148088 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.save"] [unique_id "aSxT8tS7rIt1xMi8OZXl1AAAAAE"]
[Sun Nov 30 15:25:54.378034 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/dev.log"] [unique_id "aSxT8tS7rIt1xMi8OZXl1QAAAAE"]
[Sun Nov 30 15:25:54.378436 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/dev.log"] [unique_id "aSxT8tS7rIt1xMi8OZXl1QAAAAE"]
[Sun Nov 30 15:25:54.378654 2025] [:error] [pid 429215] [client 18.228.238.136:36500] [client 18.228.238.136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/logs/dev.log"] [unique_id "aSxT8tS7rIt1xMi8OZXl1QAAAAE"]
[Sun Nov 30 18:08:29.817617 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSx6DV1RgwzjQxTFQvL8_AAAAAg"]
[Sun Nov 30 18:08:29.817785 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSx6DV1RgwzjQxTFQvL8_AAAAAg"]
[Sun Nov 30 18:08:29.817982 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSx6DV1RgwzjQxTFQvL8_AAAAAg"]
[Sun Nov 30 18:08:29.818159 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.old"] [unique_id "aSx6DV1RgwzjQxTFQvL8_AAAAAg"]
[Sun Nov 30 18:08:30.048247 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_QAAAAg"]
[Sun Nov 30 18:08:30.048489 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_QAAAAg"]
[Sun Nov 30 18:08:30.048706 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/wp-config.php~"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_QAAAAg"]
[Sun Nov 30 18:08:30.278573 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_gAAAAg"]
[Sun Nov 30 18:08:30.278804 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_gAAAAg"]
[Sun Nov 30 18:08:30.279510 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/saas/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL8_gAAAAg"]
[Sun Nov 30 18:08:30.739401 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AAAAAAg"]
[Sun Nov 30 18:08:30.739564 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AAAAAAg"]
[Sun Nov 30 18:08:30.739779 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AAAAAAg"]
[Sun Nov 30 18:08:30.739986 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.swp"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AAAAAAg"]
[Sun Nov 30 18:08:30.969856 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AQAAAAg"]
[Sun Nov 30 18:08:30.970155 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AQAAAAg"]
[Sun Nov 30 18:08:30.970446 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/database/.env"] [unique_id "aSx6Dl1RgwzjQxTFQvL9AQAAAAg"]
[Sun Nov 30 18:08:31.200141 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSx6D11RgwzjQxTFQvL9AgAAAAg"]
[Sun Nov 30 18:08:31.200375 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSx6D11RgwzjQxTFQvL9AgAAAAg"]
[Sun Nov 30 18:08:31.200591 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/laravel/.env"] [unique_id "aSx6D11RgwzjQxTFQvL9AgAAAAg"]
[Sun Nov 30 18:08:31.892022 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSx6D11RgwzjQxTFQvL9BQAAAAg"]
[Sun Nov 30 18:08:31.892348 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSx6D11RgwzjQxTFQvL9BQAAAAg"]
[Sun Nov 30 18:08:31.892556 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Thumbs.db"] [unique_id "aSx6D11RgwzjQxTFQvL9BQAAAAg"]
[Sun Nov 30 18:08:32.352544 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSx6EF1RgwzjQxTFQvL9BwAAAAg"]
[Sun Nov 30 18:08:32.352905 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSx6EF1RgwzjQxTFQvL9BwAAAAg"]
[Sun Nov 30 18:08:32.353150 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/error.log"] [unique_id "aSx6EF1RgwzjQxTFQvL9BwAAAAg"]
[Sun Nov 30 18:08:32.583143 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /includes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSx6EF1RgwzjQxTFQvL9CAAAAAg"]
[Sun Nov 30 18:08:32.583363 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSx6EF1RgwzjQxTFQvL9CAAAAAg"]
[Sun Nov 30 18:08:32.583578 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/includes/.env"] [unique_id "aSx6EF1RgwzjQxTFQvL9CAAAAAg"]
[Sun Nov 30 18:08:32.813149 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSx6EF1RgwzjQxTFQvL9CQAAAAg"]
[Sun Nov 30 18:08:32.813394 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSx6EF1RgwzjQxTFQvL9CQAAAAg"]
[Sun Nov 30 18:08:32.813611 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.save"] [unique_id "aSx6EF1RgwzjQxTFQvL9CQAAAAg"]
[Sun Nov 30 18:08:33.043386 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSx6EV1RgwzjQxTFQvL9CgAAAAg"]
[Sun Nov 30 18:08:33.043606 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSx6EV1RgwzjQxTFQvL9CgAAAAg"]
[Sun Nov 30 18:08:33.043858 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.production"] [unique_id "aSx6EV1RgwzjQxTFQvL9CgAAAAg"]
[Sun Nov 30 18:08:33.273301 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9CwAAAAg"]
[Sun Nov 30 18:08:33.273478 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9CwAAAAg"]
[Sun Nov 30 18:08:33.273684 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9CwAAAAg"]
[Sun Nov 30 18:08:33.273901 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/src/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9CwAAAAg"]
[Sun Nov 30 18:08:33.503951 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9DAAAAAg"]
[Sun Nov 30 18:08:33.504116 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9DAAAAAg"]
[Sun Nov 30 18:08:33.504337 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9DAAAAAg"]
[Sun Nov 30 18:08:33.504542 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/assets/.env.bak"] [unique_id "aSx6EV1RgwzjQxTFQvL9DAAAAAg"]
[Sun Nov 30 18:08:33.734192 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSx6EV1RgwzjQxTFQvL9DQAAAAg"]
[Sun Nov 30 18:08:33.734397 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSx6EV1RgwzjQxTFQvL9DQAAAAg"]
[Sun Nov 30 18:08:33.734641 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSx6EV1RgwzjQxTFQvL9DQAAAAg"]
[Sun Nov 30 18:08:33.734852 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/config/.env.old"] [unique_id "aSx6EV1RgwzjQxTFQvL9DQAAAAg"]
[Sun Nov 30 18:08:33.964643 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSx6EV1RgwzjQxTFQvL9DgAAAAg"]
[Sun Nov 30 18:08:33.964805 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSx6EV1RgwzjQxTFQvL9DgAAAAg"]
[Sun Nov 30 18:08:33.965004 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSx6EV1RgwzjQxTFQvL9DgAAAAg"]
[Sun Nov 30 18:08:33.965208 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.backup"] [unique_id "aSx6EV1RgwzjQxTFQvL9DgAAAAg"]
[Sun Nov 30 18:08:34.194941 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "Dockerfile" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: Dockerfile found within REQUEST_FILENAME: /dockerfile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSx6El1RgwzjQxTFQvL9DwAAAAg"]
[Sun Nov 30 18:08:34.195154 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSx6El1RgwzjQxTFQvL9DwAAAAg"]
[Sun Nov 30 18:08:34.195370 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/Dockerfile"] [unique_id "aSx6El1RgwzjQxTFQvL9DwAAAAg"]
[Sun Nov 30 18:08:34.655622 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSx6El1RgwzjQxTFQvL9EQAAAAg"]
[Sun Nov 30 18:08:34.655841 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSx6El1RgwzjQxTFQvL9EQAAAAg"]
[Sun Nov 30 18:08:34.656058 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/.env.development"] [unique_id "aSx6El1RgwzjQxTFQvL9EQAAAAg"]
[Sun Nov 30 18:08:34.885885 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSx6El1RgwzjQxTFQvL9EgAAAAg"]
[Sun Nov 30 18:08:34.886137 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSx6El1RgwzjQxTFQvL9EgAAAAg"]
[Sun Nov 30 18:08:34.886428 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/web/.env"] [unique_id "aSx6El1RgwzjQxTFQvL9EgAAAAg"]
[Sun Nov 30 18:08:35.116049 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9EwAAAAg"]
[Sun Nov 30 18:08:35.116215 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9EwAAAAg"]
[Sun Nov 30 18:08:35.116442 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9EwAAAAg"]
[Sun Nov 30 18:08:35.116736 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/api/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9EwAAAAg"]
[Sun Nov 30 18:08:35.346222 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSx6E11RgwzjQxTFQvL9FAAAAAg"]
[Sun Nov 30 18:08:35.346626 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSx6E11RgwzjQxTFQvL9FAAAAAg"]
[Sun Nov 30 18:08:35.347081 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/storage/logs/laravel.log"] [unique_id "aSx6E11RgwzjQxTFQvL9FAAAAAg"]
[Sun Nov 30 18:08:35.577542 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSx6E11RgwzjQxTFQvL9FQAAAAg"]
[Sun Nov 30 18:08:35.577758 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSx6E11RgwzjQxTFQvL9FQAAAAg"]
[Sun Nov 30 18:08:35.577969 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/v1/.env"] [unique_id "aSx6E11RgwzjQxTFQvL9FQAAAAg"]
[Sun Nov 30 18:08:35.807467 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9FgAAAAg"]
[Sun Nov 30 18:08:35.807643 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9FgAAAAg"]
[Sun Nov 30 18:08:35.807851 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9FgAAAAg"]
[Sun Nov 30 18:08:35.808054 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/app/.env.old"] [unique_id "aSx6E11RgwzjQxTFQvL9FgAAAAg"]
[Sun Nov 30 18:08:36.037749 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9FwAAAAg"]
[Sun Nov 30 18:08:36.037971 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9FwAAAAg"]
[Sun Nov 30 18:08:36.038190 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/core/app/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9FwAAAAg"]
[Sun Nov 30 18:08:36.729804 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "997"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSx6FF1RgwzjQxTFQvL9GgAAAAg"]
[Sun Nov 30 18:08:36.729965 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSx6FF1RgwzjQxTFQvL9GgAAAAg"]
[Sun Nov 30 18:08:36.730165 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSx6FF1RgwzjQxTFQvL9GgAAAAg"]
[Sun Nov 30 18:08:36.730417 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 10, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/public/.env.old"] [unique_id "aSx6FF1RgwzjQxTFQvL9GgAAAAg"]
[Sun Nov 30 18:08:36.960105 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9GwAAAAg"]
[Sun Nov 30 18:08:36.960345 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9GwAAAAg"]
[Sun Nov 30 18:08:36.960576 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "86"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 5, 0, 0, 0"] [tag "event-correlation"] [hostname "pms.test.indacotrentino.com"] [uri "/apps/.env"] [unique_id "aSx6FF1RgwzjQxTFQvL9GwAAAAg"]
[Sun Nov 30 18:08:37.651647 2025] [:error] [pid 421120] [client 56.124.78.214:53804] [client 56.124.78.214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "